Simon Josefsson <[EMAIL PROTECTED]> writes: > Teddy Hogeborn <[EMAIL PROTECTED]> writes: > >>> This might introduce network timeouts, but if the Mandos client is >>> robust about that there shouldn't be a problem. >> >> I'm not sure what you mean. Should not a TLS connection over TCP >> be alive indefinitely even if no data is sent over it? > > NAT firewalls tend to drop TCP sessions without any traffic over > them after some time. Possibly the client could retry after some > interval. Maybe your protocol could contain a ping-function. This > would add some complexity, so for simplicity might be better to > avoid.
If this really would be a problem for somebody, should not this simply be solved by setting SO_KEEPALIVE? Now, the system as it is today is restricted to the local network (no network configured in the initrd, so we use IPv6 link-local addresses), so this should never happen. >> The point is, any one of those things only gives half of the key; >> an attacker would need both physical control of a Mandos client >> *and* root on the Mandos server to successfully decrypt the >> clients' disks. > > Right. The blob sent from the Mandos server is only possible to > decrypt by the particular Mandos client, right? Yes, exactly. >> Oh well, that can wait until version 2. :-) > > Or left as an exercise for the reader. :) Yes, we created the plugin system partly for this. :) /Teddy Hogeborn & Björn Påhlsson, the Mandos Team
pgp9uzrLnv0gz.pgp
Description: PGP signature
_______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
