Hello Scott,

I hope you also received the earlier mails I sent to [EMAIL PROTECTED].

Regarding point 5, which you mentioned, after authentication, I also need to know: is the control channel which is set up between User1 and User2 secure enough to send the 16-char random string (symmetric password) used for the data channel? I assume that the string sent over the control channel is encrypted somehow.

Also, I assume that the control channel is used only to send the symmetric password so that a data channel gets created for all data transactions. Does the control channel get reused once a data channel is created, or is it no longer needed? Is there some lifetime concept for the data channel?

If I think of the IKE (Internet Key Exchange) protocol used to negotiate keys for IPsec, can I relate this control channel to IKE Phase 1 and the data channel to IKE Phase 2, though I see a lot of difference between the IKE and Kaboodle implementations? It seems that in Kaboodle the data keys are not negotiated/generated by both ends; rather, a symmetric password from one end is transferred to the other party and then used by both to make the data traffic secure.

Please suggest if I am wrong in understanding something.

Thanks,
Meenakshi

On Sun, 8 Dec 2002 16:00:36 -0800 (PST), "meenakshi arora"
<[EMAIL PROTECTED]> said:
--- "Scott C. Best" <[EMAIL PROTECTED]> wrote:
Date: Sat, 7 Dec 2002 21:52:57 +0000 (GMT)
From: "Scott C. Best" <[EMAIL PROTECTED]>
To: meenakshi arora <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED]
Subject: Kaboodle VPN overview

Meenakshi:

Hello! The biggest limitation of the current VPN feature is the lack of peer review. :) That is, I believe it works as follows:

1. User1 on LAN1 downloads Kaboodle and registers its VPN capabilities at www.GetEngaged.net. That is, they download a "registration file", essentially a signed secret-key.
2. User2 on LAN2 does the respective thing for their network.
3. User1 on LAN1 creates a Partnership file with User2 on the same site. Both users download and install the Partnership file, essentially a signed public key.
4. User1 or User2 then initiates a connection. Kaboodle does a Gnutella search for the Partnership file associated with the connection. Once the file is found, it is authenticated on both sides using the secret-key information from #1.
5. After authentication, a "control channel" is set up using TCP port 4282. A 16-char random string is transferred across this channel.
6. Using that string as a symmetric password, a Zebedee connection is initiated from one side to the other, using a user-defined TCP port (defaults to 11965, the Zebedee default).
7. All data transactions now go across this "data channel".

Version 0.99 (which you can get from the "alpha" directory on ftp.Kaboodle.org) should do all of this. I know that using that connection, I can do all of the above and then VNC across the secure connection (I can see from tcp-dumping the LAN traffic that the right ports are being used). I have just not *confirmed* that the security model works exactly as I have specified above. One of the coders may have, unknowingly, taken a shortcut in the interest of functionality.

Would you be able to review such a thing?

thanks,
Scott

> > PS: It'd be great if you could join the
> > Kaboodle-devel email list.
> > I've CC'd it here in my reply.
> >
> > On Fri, 6 Dec 2002, meenakshi arora wrote:
> >
> > > Hello Scott,
> > > Could you please send me the list of current limitations of the
> > > VPN feature which I can start working on. Also, if you could send
> > > me other features' limitations too, I would like to review them.
> > >
> > > I would be needing your guidance to choose a direction to start.
> > >
> > > Thanks,
> > > Meenakshi
--
Meenakshi Vohra
[EMAIL PROTECTED]
_______________________________________________
Kaboodle-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/kaboodle-devel