> > My point, however, is that it's still acting as a transport for insecure
> > protocols -- instead of having to set up VPNs or SSH, dammit, FIX THE
> > PROTOCOLS.
>
> I disagree. Why should every implementor of every protocol have to worry
> about authentication, encryption, and so on? Why should we go back and modify
> the billions of lines of existing code to support some new security scheme?
> Why should every implementor have to maintain that security layer? Why should
> administrators have to worry about different keys, options, and so on, for
> every possible protocol? Doesn't it make more sense to handle it in the
> transport layer? We don't expect HTTP to handle error correction. We don't
> expect FTP to handle routing. We pass the work on to a common subsystem.
> Solve the problem once, and be done with it. That makes much more sense,
> IMNSHO.
>
I agree completely. If we can just tunnel FTP (or _whatever_ "old,
insecure" protocol) through a secure socket or such, all is solved.
The security issue of cleartext is gone, and 10,000
developers don't have to change their code, and test that it is indeed
compatible with some new scheme.
I hope and predict that this approach will become widespread in the next
few years.
--Pete