by default we encrypt headers only when using authenticated connections.

It is a matter of changing a flag to make this "everything" encrypted.  Our
encryption is currently weak xor, but Robert Watson is working on patches
for all kinds of encryption.

- Peter -


At 08:43 AM 2/7/99 -0800, you wrote:
>hi there:
>
>i set up a coda client this weekend, accessed the testserver at cmu, and
>am very impressed. 
>
>after going through the setup docs and security paper on the coda web
>site, i still do not understand if communications beyond the initial
>authentication is encrypted.
>
>the security writeup ``Coda Authentication and Protection'', linked as
>``Notes and explanations about Coda securtiy.'' was interesting but
>still didn't make it clear whether coda is encrypting all communications
>or if the references to encryption in coda apply to the authentication
>process only.
>
>if anyone on the list has a better clue than me, please share!
>--
>                          sean dreilinger, mlis
>                          mailto:sean_at_durak.org
>                          http://durak.org/sean