Iain Buchanan wrote:
On Mon, 2005-06-20 at 16:54 -0700, David Busby wrote:

Gurus,
  In this hypothetical situation how would someone break in or view the data 
transmitted?

[snip]

Since traffic is limited to IPs that I trust and everyone must have a certificate signed by my CA how can jerks break into my box? Seems to me to be pretty solid, so I must be missing something.


1. Change my ip to one that you trust.

The hacker still would not be able to present a valid certificate,
though, right?  This depends on what the OP meant when he said "If the
client is not signed I generate and securely transmit a cert to the
client and then open the network to their IP."  Do you mean that you
do this in an automated way (blech), or is it done manually in some
offline manner (better)?

2. Break into a box you trust which may not be so locked down as yours
is...

This is the biggest hole that I see.

JZ
--
gentoo-user@gentoo.org mailing list
