Rhys,

This is true. Either certificate has this "vulnerability", but with the scenario you were explaining, I made an assumption (as I have never used the service certificate), and I was trying to interpret what you wrote...

If a service certificate doesn't need a pass phrase and it is always running (this is the impression I got from your email), this means anyone could connect to your feeds. With an identity cert, you set the length (in hours) the proxy should be valid. So, in x hours (after my meeting is over) I know my feeds are not available. (I'm not sure if this is similar to the service cert as I have not used them). So to keep our site secure I require our users to start the video and audio servers with a predetermined time limit on the proxy.

Sorry if I caused any confusion as I should have better explained what I was trying to say.

--Vic

-----Original Message-----
From: Rhys Hawkins [mailto:rhys.hawk...@anu.edu.au]
Sent: Thursday, August 04, 2005 11:00 PM
To: vbab...@secsg.uga.edu
Cc: ag-t...@mcs.anl.gov
Subject: Re: [AG-TECH] Using service certificates for Nodes

Hi Vic,

I just did a test where I started up the service manager on our video machine with the service certificate and from my desktop node using my personal certificate, I was able to add the video machine as a service manager in the node management and add producers etc. So in theory anybody can do this which is clearly not a good thing.

So I put the identity certificate (different to the one on my desktop node) back on the video machine, and I can still add the video machine as a service manager to my desktop node and add VideoProducer services! Again in theory, anybody could do this or have I got something wrong?

Cheers,
Rhys

On Thu, 2005-08-04 at 22:20 -0400, Victor M. Babson, Jr. wrote:
> IMHO,
>
> The only drawback is one could connect to your audio/video servers from
> unintended computers be it local or otherwise. Of course, they would need
> your IPs, but if someone knows, they could eavesdrop.
>
> --Vic
>