On Wed, 2015-02-25 at 10:46 -0500, Alan Conway wrote:
> ...
> One ignorant question: Qpid has a min/max "Security Strength Factor" for
> encryption rather than a binary enable/disable. Is that relevant here?

(Hardly an ignorant question!) You make a very good point, and this
design may indeed be a little simplistic - largely because I've not
implemented the encryption side yet!

1. I doubt that max ssf is all that useful in practice.
2. Effectively pn_transport_require_encryption() is the same as setting
min ssf >1, but is simpler to understand! An alternative might be
pn_transport_require_ssf(int) however that isn't as clear and it's not
obvious how to choose the ssf value. Perhaps the '1' should be
configurable differently.

Some input from those who did the similar work in qpidd might be useful.

Just some random wittering.

Andrew


Reply via email to