On 5/15/06, Victor Duchovni <[EMAIL PROTECTED]> wrote:
> On Mon, May 15, 2006 at 10:36:08AM +0200, gmu 2k6 wrote:
> > this is going into a new PBX so in the first step it is more like
> > an independent box without dependence on Kerberos. I'm gonna
> > issue certificates for all nodes and use those to authenticate
> > inter-service connections. With TLS I then can also encrypt the
> > complete traffic.
>
> Likewise with Kerberos, but it seems that TLS better fits your needs,
> which is fine.

yep, I think TLS suits our needs pretty well, especially the flexibility
of the protocol, which can come in handy in case someone insists
on disabling some modes for extreme performance, but I will first
start with the assumption that TLS overhead is negligible.

> > Moreover for some reason the ppl on sci.crypt
> > told me to use TLS in EDH (ephemeral DH mode) vs RSA mode.
>
> http://en.wikipedia.org/wiki/Perfect_forward_secrecy

so RSA mode does not support this and may possibly be patented, I guess.
PS: thanks for all the good advice from all of you. openssl-* lists seem to
be a friendly and helpful place.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
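
The setup discussed in this thread (a certificate for every node, mutual authentication, ephemeral key exchange only) can be expressed with Python's `ssl` module, which wraps OpenSSL and accepts OpenSSL cipher strings. This is an added example, not code from the posters or the OpenSSL project; the function names and the optional file-path parameters are hypothetical.

```python
import ssl

# Values of the "kea" field from SSLContext.get_ciphers() that denote an
# ephemeral key exchange. "kx-any" is how OpenSSL labels TLS 1.3 suites,
# whose full handshakes always use ephemeral (EC)DHE.
FORWARD_SECRET_KX = {"kx-dhe", "kx-ecdhe", "kx-any"}


def mutual_tls_server_context(ca_file=None, cert_file=None, key_file=None):
    """Server context that demands a client certificate and offers only
    ephemeral (forward-secret) key exchange.

    The paths are placeholders for the deployment's own CA and node
    certificate; they are optional so the policy can be inspected offline.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Mutual authentication: the handshake fails unless the peer presents
    # a certificate that chains to a CA loaded below.
    ctx.verify_mode = ssl.CERT_REQUIRED
    # OpenSSL cipher string: ephemeral ECDH/DH with AES-GCM only; static
    # RSA key transport (kRSA), anonymous and PSK suites are excluded.
    ctx.set_ciphers("ECDHE+AESGCM:DHE+AESGCM:!kRSA:!aNULL:!PSK")
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)
    return ctx


def static_kx_suites(ciphers):
    """Names of suites in a get_ciphers()-style list whose key exchange
    is not ephemeral, i.e. suites without forward secrecy."""
    return [c["name"] for c in ciphers if c["kea"] not in FORWARD_SECRET_KX]


if __name__ == "__main__":
    ctx = mutual_tls_server_context()
    for c in ctx.get_ciphers():
        print(f'{c["name"]:<34} {c["kea"]}')
    print("suites without forward secrecy:", static_kx_suites(ctx.get_ciphers()))
```

Running `static_kx_suites()` over the cipher list of an existing context is a quick audit for suites that would let a later key compromise expose recorded sessions.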