Subject: Re: ssh
To: RJ Atkinson <rja@inet.org>
From: Simon J. Gerraty <sjg@quick.com.au>
List: tech-security
Date: 12/17/2000 23:50:09
>>I've been told that strong, user-level encryption 
>>is available to telnet. 

>        It is not clear to me that the above is generally true,
>even if I knew what the author above meant by "strong" or 
>"user-level" in this context.

Not sure what "he" meant either, but SSL telnet (e.g. my stelnet)
provides authentication via X.509 certs (typically 1K), 
with support for CRLs etc - a much better situation than the 
RSA authentication in SSHv1, and stream ciphers (pick your favourite)
with 256-bit keys.

This is "user-level" security in that the telnetd knows, if it gets a
connection, the level of security it offers.  With, say, link-level
security it's often a false sense of security.

>        There were several different research projects on that, 
>but none was ever widely available.   It is not clear to me 
>whether any of the Telnet security enhancements provided security. 

Oh?  Don't know which ones you are thinking of, but I'm pretty sure
stelnet did the job.

But as I said in my first post - which I failed to cc to the list -
I use SSH just as much or more than the SSL based tools I wrote,
because SSH has features that I didn't want in those more restrictive
tools but find handy in many envs - e.g. X forwarding ;-)
And let's face it - everyone uses SSH.

The biggest problem with "secure" telnet - as you noted, is lack of
standardization.

--sjg