tech-userlevel archive


Re: Moving telnet/telnetd from base to pkgsrc



On Sun, Dec 16, 2018 at 10:30:22AM -0500, Greg Troxel wrote:
> > What's the deal with IPSEC?
> 
> The protocol is called IPsec (and often miscapitalized), and our kernel
> option is IPSEC.
> 
> > I've never used it, but I was under the impression it gives encryption
> > for free for things that otherwise don't have it.
> 
> It provides confidentiality and data origin authentication at the IP
> level, via a per-packet protocol called Encapsulating Security Protocol.
> 
> In this respect it is sort of like TLS, but operating at the IP layer
> rather than the TCP layer.
> 
> However, implementations of it are OS services, rather than code in user
> space.  (But the key management is in user space.)
> 
> > Do all the programs need to have ipsec-specific goo to use it? telnet
> > does, as well as having its own encryption code.
> 
> No.  One configures the use of IPsec via Security Policy Database
> entries, which in NetBSD are managed via setkey(8).
> 
> The encryption in telnet is, I believe, Kerberos.  Kerberos predates IPsec
> by a lot, and is based on symmetric cryptography only (which is all that
> was feasible in the early 80s).   As far as I know, Kerberos processing
> is always done within the application program rather than being a kernel
> service.

Kerberos is only in authentication. The encryption code in the program
is DES.
I asked to delete it but I was told it'd be socially inconvenient to do
so right now. You're a difficult bunch.

