Re: strong TLS connections

2011-10-31 Thread Eric S. Eberhard
Our monolithic program (which runs in well under a meg including the program and all memory it uses) is monitored for correct hash (an algorithm we have to give a 21 byte hash total of files for which I have never seen two different files with the same hash) from an off-site program AND onsite

Re: strong TLS connections

2011-10-28 Thread Kristen J. Webb
After all my wrangling, I'm leaning towards just using client certs. Is it a reasonable assumption that on UNIX'es these days I can expect to find libssl.so AND the openssl command line? If not, is it reasonable to assume that A sysadmin will install openssl to get my app to work? Otherwise,

Re: strong TLS connections

2011-10-28 Thread Eric S. Eberhard
I have an easy solution I use because not only do you have the problem with admins not having the library installed, you have the problem of them having the wrong version installed for something they need. Your app or theirs won't work. Or yours will, and they update openssl and it no longer

Re: strong TLS connections

2011-10-28 Thread Kristen J. Webb
On 10/28/11 12:39 PM, Eric S. Eberhard wrote: I have an easy solution I use because not only do you have the problem with admins not having the library installed, you have the problem of them having the wrong version installed for something they need. Your app or theirs won't work. Or yours

Re: strong TLS connections

2011-10-28 Thread Eric S. Eberhard
Kristen, Your points are all good. However, I have found the compatibility not good with customer installed versions versus my own. One of the problems, for example, could be that openssl compiles with a certain type of threads, not the same as your application. Same with semaphores and

Re: strong TLS connections

2011-10-27 Thread Jakob Bohm
On 10/27/2011 2:14 AM, Kristen J. Webb wrote: On 10/8/11 1:16 AM, Michael Sierchio wrote: On Fri, Oct 7, 2011 at 7:40 PM, Kristen J. Webb kw...@teradactyl.com wrote: My understanding is that a TLS connection with a server cert only identifies the server to the client. This leads to a MiTM

Re: strong TLS connections

2011-10-27 Thread Michael S. Zick
On Wed October 26 2011, Kristen J. Webb wrote: Having an app that can use certs, it appears, is nothing compared with how to deploy it and manage those certs ;) A general truism not specific to certs. Recognizing (or implementing) a need for trust is one thing; Determining (or establishing)

Re: strong TLS connections

2011-10-26 Thread Kristen J. Webb
On 10/8/11 1:16 AM, Michael Sierchio wrote: On Fri, Oct 7, 2011 at 7:40 PM, Kristen J. Webb kw...@teradactyl.com wrote: My understanding is that a TLS connection with a server cert only identifies the server to the client. This leads to a MiTM attack, where the mitm can impersonate the

Re: strong TLS connections

2011-10-26 Thread Wim Lewis
On 7 Oct 2011, at 7:40 PM, Kristen J. Webb wrote: I'm exploring the security of TLS for TCP/IP connections. I would like to establish TLS connections using server certificates (managing client certs via external or internal PKI is painful). My understanding is that a TLS connection with a

Re: strong TLS connections

2011-10-26 Thread Kristen J. Webb
On 10/26/11 6:35 PM, Wim Lewis wrote: On 7 Oct 2011, at 7:40 PM, Kristen J. Webb wrote: I'm exploring the security of TLS for TCP/IP connections. I would like to establish TLS connections using server certificates (managing client certs via external or internal PKI is painful). My

Re: strong TLS connections

2011-10-08 Thread Michael Sierchio
On Fri, Oct 7, 2011 at 7:40 PM, Kristen J. Webb kw...@teradactyl.com wrote: My understanding is that a TLS connection with a server cert only identifies the server to the client.  This leads to a MiTM attack, where the mitm can impersonate the client because the server has not verified the

strong TLS connections

2011-10-07 Thread Kristen J. Webb
Hi All, I'm exploring the security of TLS for TCP/IP connections. I would like to establish TLS connections using server certificates (managing client certs via external or internal PKI is painful). My understanding is that a TLS connection with a server cert only identifies the server to the