Subject: Re: Any point to cvs using rsh? (was Re: Anoncvs pointer)
To: None <current-users@netbsd.org>
From: Dan Melomedman <dan%dan.dan@devonit.com>
List: current-users
Date: 12/13/2002 22:09:42
Gary Thorpe wrote:
> Thats kind of what I was asking...since things like anonymous ftp and
> anonymous cvs may not necessarily require data encryption but NEED
> protection against host spoofing/session hijacking (almost all TCP
> services?), would something like IPSEC be appropriate? Would it require
> less resources to implement, or is it the same effect as SSH just moved
> lower down the protocol stack? Is there a way to ensure the computer
> you are talking to is actually the one you want to talk to without
> encrypting the data stream itself?
This is something I've always wondered myself about. Why wouldn't
OpenSSH developers add a feature to disable encryption for people who
only need authentication, and don't need encryption to waste
bandwidth/CPU cycles. Should be simple enough. IPSEC is just too much
work to set up compared to SSH.