[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Future of kerberised telnet, login, rsh, ftp?
>>>>> "Ken" == Ken Hornstein <kenh@cmf.nrl.navy.mil> writes:
Ken> Ah, that's one thing I remember now; it wasn't possible to
Ken> turn encryption _off_ in ssh. We force people to use
Ken> encryption for interactive sessions, but don't require it for
Ken> bulk data transfer. It's easy to segment this out with
Ken> different utilities (rcp versus rsh required writing some
Ken> extra code, but it wasn't hard). Encryption sucks when
Ken> you're rcp'ing around a few terabytes (and yes, we have
Ken> people that do that all of the time).
Good point. Especially if you are transferring files to localhost
(e.g. scp/rsync), perhaps to a different user. Encryption doesn't help
increase security. If the lo device is compromised, then everything is
suspect.
Then again, transferring files in this manner to someone else's
account is a potentially risky operation security wise (both users
have to trust each other in various ways).
Maybe there are better ways, however:
* cp/chown require root access or granting read access to more then
just the one recipient. (ACL might help?)
* http is generally pull, not push. This might change in the future
protocols like DAV. There might be web based systems for
transferring files between registered users, this probably would
require both an upload and a download to the site which is also
inefficient for just copying a file on the one computer.
* email (generally) requires 7 bit encoding and GPG signing of the
entire file in one hit.
* sendfile is not secure and not well used
Any others I missed?
--
Brian May <bam@snoopy.apana.org.au>
- Prev by Date:
Re: Future of kerberised telnet, login, rsh, ftp?
- Next by Date:
Re: Future of kerberised telnet, login, rsh, ftp?
- Prev by thread:
Re: Future of kerberised telnet, login, rsh, ftp?
- Next by thread:
Re: Future of kerberised telnet, login, rsh, ftp?
- Index(es):