[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Future of kerberised telnet, login, rsh, ftp?

>>>>> "Ken" == Ken Hornstein <kenh@cmf.nrl.navy.mil> writes:

    Ken> Ah, that's one thing I remember now; it wasn't possible to
    Ken> turn encryption _off_ in ssh.  We force people to use
    Ken> encryption for interactive sessions, but don't require it for
    Ken> bulk data transfer.  It's easy to segment this out with
    Ken> different utilities (rcp versus rsh required writing some
    Ken> extra code, but it wasn't hard).  Encryption sucks when
    Ken> you're rcp'ing around a few terabytes (and yes, we have
    Ken> people that do that all of the time).

Good point. Especially if you are transferring files to localhost
(e.g. scp/rsync), perhaps to a different user. Encryption doesn't help
increase security. If the lo device is compromised, then everything is

Then again, transferring files in this manner to someone else's
account is a potentially risky operation security wise (both users
have to trust each other in various ways).

Maybe there are better ways, however:

* cp/chown require root access or granting read access to more then
  just the one recipient. (ACL might help?)

* http is generally pull, not push. This might change in the future
  protocols like DAV.  There might be web based systems for
  transferring files between registered users, this probably would
  require both an upload and a download to the site which is also
  inefficient for just copying a file on the one computer.

* email (generally) requires 7 bit encoding and GPG signing of the
  entire file in one hit.

* sendfile is not secure and not well used

Any others I missed?
Brian May <bam@snoopy.apana.org.au>