
Re: conserver with encryption

Iain Rae iainr@dcs.ed.ac.uk
Mon, 21 May 2001 09:41:19 -0700 (PDT)

> I've done it. Yes, it is work. Doing it modularly will be even more work.
> However, in order to do this right (not creating dependency hell), I
> think it's the right way. (Kerberos would be a *whole* lot of work for
> somebody wishing to incorporate that with modularity).

Can you point at any decent docs/examples I could take a look at? I was
thinking of digging through the cyrus-imap or <winces>samba code.

> Just my $.02.
> The easiest way would be to just add encryption using something like
> cryptolib. Use DH to gen keys on both ends and then 3DES or IDEA
> or blowfish or whatever to encrypt things. Then have a set of
> #ifdefs in the appropriate place in the communication path to
> initialize the session and before/after network reads/writes to
> encrypt/decrypt.

> This is bare bones. It doesn't provide for man in the middle
> prevention, it doesn't verify authenticity. It does prevent
> passwords from transiting in the clear. Using something like this
> with tcp_wrappers provides some additional protection at marginal
> effort increment.

In the first instance all I'm looking to do is provide an encrypted channel
between the various hosts, but if I'm going to do that I'd rather work the
code to try and make it easier to add other systems, and in the med-long term
we'd (DCS) be looking for kerberos anyway, so anything I'd do would have one
eye on that.

I was also thinking that you would probably want something that didn't require
an infrastructure to fall back on; not much point in having kerberos if it's
your kerberos servers you're trying to get to the consoles of.

This pretty much ties you to a modular system from the start (if your
bare-bones system above doesn't work do you drop back to cleartext or drop the

Iain Rae			Tel:01316505202	
Computing Officer		JCMB:2148
Division of Informatics
The University of Edinburgh
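The "DH to gen keys on both ends" scheme quoted above, together with the authenticity check its caveat says is missing, as an added example that is not code from this thread or from conserver: both ends derive a session key from an unauthenticated exchange, and a pre-shared-key HMAC over the transcript detects a substituted public value. The group parameters and the pre-shared key are constructed for illustration; the key derivation (SHA-256 of the shared secret) is an assumption, not something the thread specifies.

```python
import hashlib
import hmac
import secrets

# Toy DH group, constructed for illustration only: p = 2^127 - 1 is prime,
# g = 3. A real deployment would use a standard group (e.g. an RFC 3526
# MODP group) or an elliptic curve, not this one.
P = (1 << 127) - 1
G = 3
PUB_LEN = (P.bit_length() + 7) // 8  # 16 bytes

def dh_keypair(p=P, g=G):
    """Return (private exponent x, public value g^x mod p) for one side."""
    x = secrets.randbelow(p - 2) + 2
    return x, pow(g, x, p)

def dh_shared_key(own_private, peer_public, p=P):
    """Derive a fixed-length session key from the DH shared secret
    (assumed KDF: SHA-256 over the big-endian secret)."""
    s = pow(peer_public, own_private, p)
    return hashlib.sha256(s.to_bytes(PUB_LEN, "big")).digest()

def transcript_tag(psk, pub_a, pub_b):
    """HMAC over both public values under a pre-shared key. Each side MACs
    the values *as it saw them*, so a value altered in transit makes the
    tags disagree; without some such step the bare exchange has no way to
    notice a man in the middle."""
    msg = pub_a.to_bytes(PUB_LEN, "big") + pub_b.to_bytes(PUB_LEN, "big")
    return hmac.new(psk, msg, hashlib.sha256).digest()

def run_exchange(psk, tamper=False):
    """Simulate both ends. Returns (tag check passed, session keys match).
    With tamper=True the public value B receives for A is replaced in
    transit; the tag check must then fail and the keys must differ."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    a_pub_seen_by_b = a_pub if not tamper else pow(G, 7, P)  # substituted
    tag_from_a = transcript_tag(psk, a_pub, b_pub)             # A's view
    tag_expected_by_b = transcript_tag(psk, a_pub_seen_by_b, b_pub)  # B's view
    authenticated = hmac.compare_digest(tag_from_a, tag_expected_by_b)
    key_a = dh_shared_key(a_priv, b_pub)
    key_b = dh_shared_key(b_priv, a_pub_seen_by_b)
    return authenticated, key_a == key_b

if __name__ == "__main__":
    print("honest exchange:", run_exchange(b"constructed-psk"))
    print("tampered exchange:", run_exchange(b"constructed-psk", tamper=True))
```

The honest run returns (True, True); the tampered run returns (False, False), which is the point at which a session should be refused rather than falling back to cleartext.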