Re: one password prompt wanted instead of two

Tom Samplonius (tom@sdf.com)
Mon, 7 Jul 1997 18:13:30 -0700 (PDT)

On Tue, 8 Jul 1997, Igor V. Semenyuk wrote:

> > A book publicity site is not a good source of technical info. I can't
> > find anything specific about this. Do you have a more specific URL?
>
> This is not a security mailing list. Check your nearest security archive

You said the site was a good reference. Even though I'm familiar with
the details, I checked the site, and found it to be nothing but an
advertisement.

> > Another more important point: does your server use easy to guess
> > sequence numbers? If so, maintaining a spoofed session is much easier.
> > Check with your UNIX vendor.
>
> I assume all your equipment has the latest software from your vendors.
> Are you filtering at your border routers? If yes, why? Guess
> you are not quite sure about your vendor(s)...

Huh? What about UDP spoofing? Your argument is rather nonsensical.

> > > Considering rather rare occasions this authentication is needed
> > > it should not be a big deal.
> >
> > It is. Every application may not be rare.
>
> And the Moon may fall on the Earth. Let's get real.

So it is rare to use a PM2e as a terminal server that every port rlogins
to a UNIX server, and authentication is required on a very regular basis?
This is not as rare as the moon losing orbit.

> > No session encryption? I would prefer session encryption over
> > authentication, because you could always authenticate securely over an
> > encrypted session, and you can run sessions over insecure networks too
> > (which you can if only the authentication is encrypted).
>
> Sure you do. Me, too. But wait, you just said it's quite cpu-intensive
> task, so session encryption is impossible (at least without additional
> hardware power). Now, what would you prefer - no session encryption
> *and* no strong authentication, or strong authentication at least?

I made separate points, and you're mistaken to combine them. So here is
a summary:

- strong authentication may not be in the limits of the PM2e CPU
- the PM3 may have a daughtercard available for encryption, at which point
you might well get session authentication at the same time

I'm not sure why you find this so disagreeable, unless you are the type
of person that has to disagree.

> --
> Igor V. Semenyuk Internet: iga@sovam.com
> SOVAM Teleport Phone: +7 095 258 4170
> Moscow, Russia Fax: +7 095 258 4133
>
>

Tom