I'm preparing to go to Defcon next week, and to help avoid getting
owned I'm planning to bring along a Plan 9 laptop. I'd like to be able
to mount, say, my home fileserver while I'm there, but 9P traffic goes
out unencrypted if you use "srv" rather than "import -E ssl". This got
me to fiddling with tlssrvtunnel and tlsclienttunnel, but I've run
into some problems:

(gozer is the cpu server, x61 is the terminal)

gozer% tlssrvtunnel tcp!gozer!564 tcp!*!12345 cert.pem # I created cert.pem using auth/rsagen, rsa2x509, and pemencode
listen started
gozer%

# I did sha1sum of cert.pem and, on the client side, created "thumb"
# containing "x509 sha1=<hash> cn=*.<myauthdomain>" where myauthdomain
# is the same domain I used to create the cert
x61% tlsclienttunnel tcp!gozer!12345 tcp!*!564 thumb
x61% srv net!x61!564 x61
x61% mount /srv/x61 /n/x61
mount: mount /n/x61: EOF receiving fversion reply


I can't seem to find any mention of these programs in 9fans except for
the initial announcement of their creation. Did I do something wrong
along the way? I'm not very familiar with TLS so it's definitely
possible.

On a more general note, I've decided that probably the smartest option
will be to "import -E ssl myhomesystem /net" (because after 9 years,
import still doesn't support TLS or SSL v3) so I can essentially
tunnel all communication out that way... I'll have to use the open
wifi, since Plan 9 doesn't do WPA, and I wouldn't trust Defcon's WPA
network either in any case. Can anyone think of a problem with this
plan, besides the fact that anyone sniffing packets will figure out
that the owner of jfloren.net is quite probably in attendance?


John
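
Added example, not part of the original post: thumbprint(6) defines the sha1= value as the hex checksum of the binary certificate, so this sketch derives a thumbprint line from the base64-decoded bytes of a PEM file and flags a line whose hash was taken over the PEM text instead. The function names, the CERTIFICATE label, and the sample bytes are assumptions made for the illustration.

```python
import base64
import hashlib
import re

# Assumption: the file was written with the label CERTIFICATE.
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)

# Constructed stand-in bytes, not a real X.509 certificate.
SAMPLE_DER = bytes(range(200))

def make_sample_pem(der: bytes) -> bytes:
    """Wrap raw bytes in PEM armor the way a PEM encoder would."""
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der)
            + b"-----END CERTIFICATE-----\n")

def pem_to_der(pem: bytes) -> bytes:
    """Return the binary certificate carried inside the PEM armor."""
    m = PEM_RE.search(pem)
    if m is None:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode(b"".join(m.group(1).split()), validate=True)

def thumbprint_line(pem: bytes, comment: str = "") -> str:
    """Build an 'x509 sha1=...' line from the binary certificate."""
    line = "x509 sha1=" + hashlib.sha1(pem_to_der(pem)).hexdigest()
    return f"{line} {comment}" if comment else line

def check_thumbprint(pem: bytes, thumb_line: str) -> str:
    """Classify a thumbprint line against the certificate in pem."""
    attrs = dict(p.partition("=")[::2] for p in thumb_line.split())
    have = attrs.get("sha1", "").lower()
    if have == hashlib.sha1(pem_to_der(pem)).hexdigest():
        return "ok"                # hash of the binary certificate
    if have == hashlib.sha1(pem).hexdigest():
        return "hash-of-pem-text"  # hash of the armored file as stored
    return "mismatch"

if __name__ == "__main__":
    pem = make_sample_pem(SAMPLE_DER)
    print(thumbprint_line(pem, "cn=*.example.invalid"))
    wrong = "x509 sha1=" + hashlib.sha1(pem).hexdigest()
    print(check_thumbprint(pem, wrong))
```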
