[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: wish list

To: securedistros@nl.linux.org
Subject: Re: wish list
From: Raj Mathur <raju@sgi.com>
Date: Mon, 7 Jun 1999 09:46:30 +0530 (IST)
In-Reply-To: <Pine.LNX.4.05.9906062016540.11049-100000@Nathan.ADHosting.Com>
References: <199906070232.WAA04802@alcove.wittsend.com><Pine.LNX.4.05.9906062016540.11049-100000@Nathan.ADHosting.Com>
Reply-To: securedistros@nl.linux.org
Sender: owner-securedistros@humbolt.nl.linux.org

Some thoughts on the secure communications front:

SSL Telnet => replaces telnet.  Does SSL Telnet have a fallback to
regular telnet if the remote client/server doesn't support it?

SSH => replaces rlogin, rsh.  Ssh falls back to rsh.

Apache + SSLeay => replaces regular Apache.  SSLeay (and in fact any
SSL implementation) is a CPU hog when handling secure connections, but 
all we're going to use it for is changing passwords through a web
page, right? ;-)  There're hardware SSL encryption cards available,
but not general enough yet.

Mail:  Hmm, this is an interesting one.  Enough people use enough
different types of clients to make enforcing a standard mail client
difficult, if not impossible.  And though this will be a distribution
by itself, I personallyt wouldn't be too happy if it didn't allow me
to use, e.g. Xemacvs+VM for my mailing.

One solution is to enable certificate-oriented encryption for e-mail.
I'm sure that the OpenLDAP can be hacked (if it hasn't already been
done) to store and serve certificates, and then any mail client which
can talk LDAP (and the number of these is growing) and to a
certificate server can use PGP, GnuPG or another external package to
do the encryption.

We/I need to do some brainstorming and formalise this.

Regards,

-- Raju

>>>>> "Nathan" == Nathan Staab <nathan@Nathan.ADHosting.Com> writes:

    Nathan> my wish list item is that if we could possibly use secure
    Nathan> telnet and sshd, so either way our communications between
    Nathan> us and the server we are connected to are encrypted. that
    Nathan> way any passwords or anyone sniffing the network would not
    Nathan> get the passwords to anyone logging into that server.  the
    Nathan> only downside is that you have to generate your own
    Nathan> certificate using the ssleay package(or whatever it may be
    Nathan> called now)..
-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/

Follow-Ups:
- Re: wish list
  - From: Nathan Staab <nathan@Nathan.ADHosting.Com>
- Re: wish list
  - From: John <john@fiend.securesys.com.au>

References:
- Re: wish list
  - From: "Michael H. Warfield" <mhw@wittsend.com>
- Re: wish list
  - From: Nathan Staab <nathan@Nathan.ADHosting.Com>
- Re: wish list
  - From: Nathan Staab <nathan@Nathan.ADHosting.Com>

Prev by Date: Re: wish list
Next by Date: Re: wish list
Prev by thread: Re: wish list
Next by thread: Re: wish list
Index(es):
- Date
- Thread