I fully expected this response and appreciate your input. "In the clear"
is somewhat vague, though. For example, what if they were simply Base64
(or uuencode, or rot13, or...) encoded ? Then they're not in the clear,
but the "encryption" is keyless and therefore somewhat trivial.
>One useful scheme is S/Key: it's free, easily avaiable and fits into
>the existing paradigms.
Could you provide a pointer ?
>Much stronger schemes are also available, e.g. Kerberos, public key
>systems, etc.
These are overkill for many applications, hence my request. I'm looking
more for the "window latch protection" - it won't keep a determined
burgler out of your house, but it will keep the honest person honest.
>This point has been identified as a critical issue in the security of
>the Internet and highlighted in a recent Internet Architecture Board
>workshop.
I appreciate your input and will hopefully not perpetuate passwords in the
clear (such as TELNET, FTP, etc). How does IETF propose to enhance these
existing protocols ? Surely they won't jump from "clear" to DES and
digital signatures ? Perhaps there is some common ground here ?
Mike
-----------------------------------------------
Michael A. Dolan - <mailto:miked@cerfnet.com>
TerraByte Technology (619) 445-9070, FAX -8864