Re: one password prompt wanted instead of two

Igor V. Semenyuk (iga@sovam.com)
Tue, 8 Jul 1997 16:55:49 +0400 (MSD)

> I made separate points, and you're mistaken to combine them. So here is
> a summary:
>
> - strong authentication may not be in the limits of the PM2e CPU
> - the PM3 may have a daughtercard available for encryption, at which point
> you might well get session authentication at the same time
>
> I'm not sure why you find this so disagreeable, unless you are the type
> of person that has to disagree.

I'm not. Apparently I'm not one of the most vocal persons on the list,
and never talk just to talk back.

I agree with your two points, except maybe the first one to some
extent - strong *authentication* may be in the limits of the PM2e CPU
depending on the load (and my point is practically in all cases the
load is low enough). You disagree, but I can't imagine a PM2-30 box
with 30 lines each used by rlogin users who spent less than 1 minute
online. Here we have 2 seconds to process each login session (a
few seconds delay at authentication stage won't make a big difference
for a user, so let's assume logins are evenly distributed). Is that
enough to exchange 1024-bit RSA keys on 486/40 CPU? Maybe. Is
this a real life situation? I doubt it - more and more people favor
dialup IP over shell login nowadays...

Unfortunately, in your previous messages in this thread you had a few
points which I found erroneous and misleading. I repeat them:

: You are safe from spoofing if you block all traffic with a source of
: your netblock(s) at your border router.

This is an incorrect or at least incomplete statement since you are
still vulnerable from within your network.

: Also, it's hard to spoof an entire TCP session setup. The spoofer can't
: see the responses coming back from your server, so he/she needs to guess.
: I don't see how you get very far into a session before you lose control.

This is incorrect, since the intruder doesn't need to "get very far
into a session" to make a big hole in the defense and TCP half-pipe
is enough for that.

You also said

: ssh logins require a lot of CPU power. I don't see it ever happening,
: except for the PM3 & the unannounced encryption daughter card.

In my first message I'd asked Livingston about SSH-*style*
*authentication*, not *ssh logins*. You were absolutely right
about the latter but you'd have read my words better before
jumping at them. I meant exactly what I said - *authentication*,
like in SSH, but not SSH itself (which might be very desirable
but practically is impossible at this time).

All your points combined might lead an innocent listener to
a very misleading conclusion:

- hosts.equiv/rlogin scheme is secure enough (provided border
filtering and the latest vendor's patches) to not bother with
strong authentication methods because they require a lot
of investments (vendor's and/or user's side).

You gave the listeners a false sense of security and refused to
admit that. Instead you decided to argue over and over again.

Maybe I have taken that too close to my heart but I went thru
this a long time ago, when I asked Livingston about how secure is
their advice in manual to setup hosts.equiv. I got no reply
from Livingston, but some people told me "better make your
users to accommodate to double password prompt than have hosts.equiv".
Since that time Livingston still can't offer a secure solution
to the problem, though the technology is on the street today.

'nuf said.

-- 
Igor V. Semenyuk                    Internet: iga@sovam.com
SOVAM Teleport                      Phone:    +7 095 258 4170
Moscow, Russia                      Fax:      +7 095 258 4133