Path: utzoo!attcan!uunet!husc6!mailrus!cwjcc!gatech!mcnc!ecsvax!dukeac!bet
From: bet@dukeac.UUCP (Bennett Todd)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Getting Vendors To Fix Bugs
Message-ID: <1108@dukeac.UUCP>
Date: 17 Nov 88 19:29:33 GMT
References: <2120@kalliope.rice.edu> <1801@sbcs.sunysb.edu>
Reply-To: bet@dukeac.UUCP (Bennett Todd)
Organization: Radiology, Duke Med. Center, Durham, NC
Lines: 16

In article <1801@sbcs.sunysb.edu> root@sbcs.sunysb.edu (root) writes:
->In article <2120@kalliope.rice.edu>, hd@kappa.rice.edu (Hubert D.) writes:
->> We've been looking at software to connect our PCs and MACs
->> to SUNs and [...]
-> Huh? If you let anyone on your Ethernet cable with a PC you've
-> basically just given up any hope for security. Even active
-> methods like Kerberos will not protect you from people who
-> just listen to eg TCP sessions on the cable.

Are you sure about that? I thought I sorta understood Kerberos, and that it was
distinguished as the only authentication protocol that was robust and secure in
the face of hardware eavesdropping, interception, and injection of messages. The
"dialog" is pretty fun reading, and explains the contortions -- and the reasons
for going through the contortions -- pretty clearly.

-Bennett