It looks like TLS with a trust store would be the way to go. Better than to roll your own.

Marc-André LAVERDIÈRE
"Perseverance must finish its work so that you may be mature and
complete, not lacking anything." -James 1:4
mlaverd.theunixplace.com/blog

 /"\
 \ /    ASCII Ribbon Campaign
  X      against HTML e-mail
 / \

2010/7/22 Prakash Rao <prakashrao1...@gmail.com>:
> Thanks for the response...
>
> I was just going through various protocol buffer discussion forum
> topics and found the below one, which talks about putting a signature
> in the proto object and doing a validation before processing the payload. I
> believe this is what you guys are referring to when you say "add HMAC
> to your proto messages". Yes, this is something simple that can be
> tried out.
>
> http://groups.google.com/group/protobuf/browse_thread/thread/a3a2742bffe3a8e5
>
> We have SSL for our http communication and we allow communication from
> the client only if the server certificate is imported in the client keystore.
> I'm just curious to find out the best possible ways to avoid tampering with my
> proto object data (in case of a man-in-the-middle attack),
> especially when the server is in the public domain (internet).
>
> Regards,
> Prakash
>
> On Jul 22, 9:36 am, Marc-André Laverdière
> <marcandre.laverdi...@gmail.com> wrote:
>> Protobuf allows you to build your conceptual protocol the way you want it.
>> If you want security features on top of it, you can either add it to
>> your messages, or you can use a secure network layer that does the
>> work for you. It's your call.
>> Personally, I'm against reinventing the wheel, so I use protobuf over
>> TLSv1 with a good set of cipher suites configured :)
>>
>> Marc-André LAVERDIÈRE
>> "Perseverance must finish its work so that you may be mature and
>> complete, not lacking anything." -James 1:4
>> mlaverd.theunixplace.com/blog
>>
>>  /"\
>>  \ /    ASCII Ribbon Campaign
>>   X      against HTML e-mail
>>  / \
>>
>> 2010/7/21 Prakash Rao <prakashrao1...@gmail.com>:
>>
>> > Is there a way to add a security layer to protocol buffer if I'm writing
>> > my proto objects to an https output stream? In Java we have sealed
>> > objects and we can have a signature attached to them to make sure objects
>> > are not tampered with on the receiving end. Is there something similar in
>> > protocol buffer as well?
>>
>> > I'm just trying to understand what different options
>> > protocol buffer provides as far as security is concerned when compared to web
>> > services to make sure data is not tampered with. Web services come with
>> > good security models (such as XML signature, SAML) to make sure data is
>> > not tampered with.
>>
>> > Regards,
>> > Prakash

--
You received this message because you are subscribed to the Google Groups "Protocol Buffers" group.
To post to this group, send email to proto...@googlegroups.com.
To unsubscribe from this group, send email to protobuf+unsubscr...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/protobuf?hl=en.
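
The "add HMAC to your proto messages" option discussed in the thread, as an added example that is not part of the original messages or of protobuf itself: the receiver checks an HMAC-SHA256 tag over the serialized bytes before any parsing happens. The envelope layout (tag followed by payload), the function names, the key and the sample payload are assumptions made for illustration; a pre-shared key gives integrity only, so confidentiality, replay protection and server authentication still come from TLS.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag


class TamperedMessage(Exception):
    """Raised when the tag does not match; the payload must not be parsed."""


def seal(key: bytes, payload: bytes) -> bytes:
    """Return tag || payload, where payload is an already-serialized message."""
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return tag + payload


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then return the payload bytes for ParseFromString()."""
    if len(blob) < TAG_LEN:
        raise TamperedMessage("envelope shorter than the tag")
    tag, payload = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(tag, expected):
        raise TamperedMessage("HMAC mismatch")
    return payload


def demo():
    """Round-trip a message, then flip one bit in transit and check rejection."""
    key = bytes(range(32))        # constructed key, for illustration only
    payload = b"\x08\x96\x01"     # constructed: protobuf bytes for field 1 = 150
    blob = seal(key, payload)
    recovered = unseal(key, blob)
    altered = bytearray(blob)
    altered[-1] ^= 0x01           # simulated in-transit modification
    try:
        unseal(key, bytes(altered))
        rejected = False
    except TamperedMessage:
        rejected = True
    return recovered, rejected


if __name__ == "__main__":
    print(demo())
```
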