Subject: Re: Any point to cvs using rsh? (was Re: Anoncvs pointer)
To: None <current-users@netbsd.org>
From: David S. <davids@idiom.com>
List: current-users
Date: 12/13/2002 13:26:10
>
> That's kind of what I was asking...since things like anonymous ftp and
> anonymous cvs may not necessarily require data encryption but NEED
> protection against host spoofing/session hijacking (almost all TCP
> services?), would something like IPSEC be appropriate? Would it require
> less resources to implement, or is it the same effect as SSH just moved
> lower down the protocol stack? Is there a way to ensure the computer
> you are talking to is actually the one you want to talk to without
> encrypting the data stream itself?
Walk/bicycle/drive/fly over to said computer, log in and obtain its
PKI certificate/SSH key/shared secret on some sort of portable media,
walk/bicycle/drive/fly back to your computer, and install it. Either
that, or trust a third party - certificate authority, Kerberos domain
controller, etc. - to verify the identity of the remote machine.
Encryption alone cannot establish the identities of either party in
a conversation.
David S.
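
The question raised in this thread, as an added example that is not part of the original messages: a cleartext stream in which every frame carries an HMAC keyed with a secret installed out of band, so the receiver rejects altered, spoofed or replayed frames without encrypting anything. The frame layout and the names `seal`, `Receiver` and `SHARED_SECRET` are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample secret; the real one is installed out of band, as the reply says.
SHARED_SECRET = b"constructed-demo-secret-installed-by-hand"
TAG_LEN = hashlib.sha256().digest_size


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Build seq || payload || HMAC tag. The payload is NOT encrypted."""
    header = struct.pack("!Q", seq)
    return header + payload + hmac.new(key, header + payload, hashlib.sha256).digest()


class Receiver:
    """Accepts a frame only if its tag verifies and its sequence number is next."""
    def __init__(self, key: bytes):
        self.key = key
        self.next_seq = 0

    def open(self, frame: bytes) -> bytes:
        header, payload, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            raise ValueError("bad tag")
        if struct.unpack("!Q", header)[0] != self.next_seq:
            raise ValueError("replayed or out-of-order frame")
        self.next_seq += 1
        return payload


def demo() -> list:
    """Run genuine, altered, wrong-key and replayed frames through one receiver."""
    rx = Receiver(SHARED_SECRET)
    genuine = seal(SHARED_SECRET, 0, b"cvs update src/sys")
    altered = bytearray(seal(SHARED_SECRET, 1, b"cvs update src/sys"))
    altered[10] ^= 0x01  # one payload bit changed in transit
    wrong_key = seal(b"not-the-installed-secret", 1, b"cvs update src/sys")
    outcomes = []
    for frame in (genuine, bytes(altered), wrong_key, genuine):
        try:
            outcomes.append("accepted: " + rx.open(frame).decode())
        except ValueError as err:
            outcomes.append("rejected: " + str(err))
    return outcomes


if __name__ == "__main__":
    print("\n".join(demo()))
```

The tag proves only that the sender holds the same secret; how that secret reached both machines is the out-of-band step the reply describes.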