[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]

Re: conserver with encryption

Doug Hughes doug@gblx.net
Mon, 21 May 2001 15:00:06 -0700 (PDT)

On Mon, 21 May 2001, Iain Rae wrote:

> > 
> > I've done it. Yes, it is work. Doing it modularly will be even more work.
> > However, in order to do this right (not creating dependency hell), I
> > think it's the right way. (Kerberos would be a *whole* lot of work for
> > somebody wishing to incorporate that with modularity).
> can you point at any decent docs/examples I could take a look at? I was 
> thinking of digging through the cyrus-imap or <winces>samba code.
cyrus might be a descent one.
I wouldn't do samba though. WAAY too big. It's a good example of
super-abstraction, but can be difficult to follow. I can't really think
of any small examples off the top of my head using cryptolib.
I've written some stuff, but not sure how clean it is. ;)

> > 
> > Just my $.02.
> > 
> > The easiest way would be to just add encryption using something like
> > cryptolib. Use DH to gen keys on both ends and then 3DES or IDEA
> > or blowfish or whatever to encrypt things. Then have a set of
> > #ifdefs in the appropriate place in the communication path to
> > initialize the session and before/after network reads/writes to
> > encrypt/decrypt.
> > 
> > This is bare bones. It doesn't provide for man in the middle
> > prevention, it doesn't verify authenticaticity. It does prevent
> > passwords from transiting in the clear. Using something like this
> > with tcp_wrappers provides some additional protection at marginal
> > effort increment.
> In the first instance all I'm looking to is provide an encrypted channel 
> between the various hosts, but if I'm going to do that I'd rather work the 
> code to try and make it easier to add other systems and in the med-long term 
> we'd (DCS) be looking for kerberos anyway so anything I'd do would have one 
> eye on that.
> I was also thinking that you would probably want something that didn't require 
> an infrastructure to fall back on, not much point in having kerberos if it's 
> your kerberos servers you're trying to get to the consoles of.
> This pretty much ties you to a  modular system from the start ( if your 
> bare-bones system above doesn't work do you drop back to cleartext or drop the 
> connection).
well, I was thinking of it more as compile time options, but you could
have run time options of which one to use too. That adds more complexit