Re: [Shinken-devel] Authentification between daemons

2011-01-14 Thread nap
2011/1/14 Grégory Starck > > > On 14 January 2011 12:40, Grégory Starck wrote: > > 2011/1/14 Laurent Guyon >> >> On Friday 14 January 2011 at 10:58 +0100, Hartmut Goebel wrote: >>> >>> > Yes, and send the password unencrypted. *gnaa* >>> >>> A channel can be encrypted but not authenticat

Re: [Shinken-devel] Authentification between daemons

2011-01-14 Thread Grégory Starck
On 14 January 2011 12:40, Grégory Starck wrote: > 2011/1/14 Laurent Guyon > > On Friday 14 January 2011 at 10:58 +0100, Hartmut Goebel wrote: >> >> > Yes, and send the password unencrypted. *gnaa* >> >> A channel can be encrypted but not authenticated ^^ > > >> Laurent >> >> > > Hi, > > I

Re: [Shinken-devel] Authentification between daemons

2011-01-14 Thread Grégory Starck
2011/1/14 Laurent Guyon > On Friday 14 January 2011 at 10:58 +0100, Hartmut Goebel wrote: > > > Yes, and send the password unencrypted. *gnaa* > > A channel can be encrypted but not authenticated ^^ > Laurent > > Hi, I followed this thread quite "diagonally" (so sorry if this reply looks

Re: [Shinken-devel] Authentification between daemons

2011-01-14 Thread Laurent Guyon
On Friday 14 January 2011 at 10:58 +0100, Hartmut Goebel wrote: > Yes, and send the password unencrypted. *gnaa* A channel can be encrypted but not authenticated ^^ Laurent

Re: [Shinken-devel] Authentification between daemons

2011-01-14 Thread Flyinvap
On 14/01/2011 10:59, Hartmut Goebel wrote: > But nevertheless please stop full-quoting. Thanks! And HTML posting and this list would become readable ;-) Thanks! -- Fly

Re: [Shinken-devel] Authentification between daemons

2011-01-14 Thread nap
On Fri, Jan 14, 2011 at 10:58 AM, Hartmut Goebel wrote: > On 14.01.2011 10:55, nap wrote: > > Oh, sounds fun and quite useful. Can be an arbiter module. The arbiter > > should open a "non ssl" port so others can connect, and then ask/send > > passphrase and get the certificate. I add it in the id

Re: [Shinken-devel] Authentification between daemons

2011-01-14 Thread Hartmut Goebel
On 14.01.2011 10:56, nap wrote: > I hope realms and all the distributed features are considered as > "enterprise grade" features too ;) Of course. I should have written "another". But nevertheless please stop full-quoting. Thanks! -- Schönen Gruß - Regards Hartmut Goebel Dipl.-Informatiker (u

Re: [Shinken-devel] Authentification between daemons

2011-01-14 Thread Hartmut Goebel
On 14.01.2011 10:55, nap wrote: > Oh, sounds fun and quite useful. Can be an arbiter module. The arbiter > should open a "non ssl" port so others can connect, and then ask/send > passphrase and get the certificate. I add it in the ideas + trac to > see if people are interested in it :) Yes, and s

Re: [Shinken-devel] Authentification between daemons

2011-01-14 Thread nap
I hope realms and all the distributed features are considered as "enterprise grade" features too ;) Jean On Fri, Jan 14, 2011 at 10:38 AM, Hartmut Goebel wrote: > On 14.01.2011 10:37, Laurent Guyon wrote: > > Perhaps such a thing could be sexy in the future, so you only create the > > CA on

Re: [Shinken-devel] Authentification between daemons

2011-01-14 Thread nap
On Fri, Jan 14, 2011 at 10:37 AM, Laurent Guyon wrote: > On Friday 14 January 2011 at 09:52 +0100, nap wrote: > > > Yes it's true. I'll update the "security" chapter of the > > documentation. But with a lazy admin, you can't have security. No matter > > what the application does, the worse the a

Re: [Shinken-devel] Authentification between daemons

2011-01-14 Thread Hartmut Goebel
On 14.01.2011 10:37, Laurent Guyon wrote: > Perhaps such a thing could be sexy in the future, so you only create the > CA on the arbiter (done by distro package why not), and all other steps > (server certificates creation and distribution) are done automagically ? Hey, you are proposing "enterpr

Re: [Shinken-devel] Authentification between daemons

2011-01-14 Thread Laurent Guyon
On Friday 14 January 2011 at 09:52 +0100, nap wrote: > Yes it's true. I'll update the "security" chapter of the > documentation. But with a lazy admin, you can't have security. No matter > what the application does, the worse the admin is, the worse the > system will be :) > > With this way of

Re: [Shinken-devel] Authentification between daemons

2011-01-14 Thread nap
On Fri, Jan 14, 2011 at 9:42 AM, Laurent Guyon wrote: > > > The current code uses certificates, so what certif did you give to your > > rogue arbiter? The sample certifs are just samples. Every one got the > > same, so they are not good for authentication. I put a doc about how > > to create new ones

Re: [Shinken-devel] Authentification between daemons

2011-01-14 Thread Laurent Guyon
> The current code uses certificates, so what certif did you give to your > rogue arbiter? The sample certifs are just samples. Every one got the > same, so they are not good for authentication. I put a doc about how > to create new ones in the wiki. The only problem I see is precisely supplying a f

Re: [Shinken-devel] Authentification between daemons

2011-01-13 Thread nap
The current code uses certificates, so what certif did you give to your rogue arbiter? The sample certifs are just samples. Every one got the same, so they are not good for authentication. I put a doc about how to create new ones in the wiki. I think we won't go any further than X509 certificates, if

Re: [Shinken-devel] Authentification between daemons

2011-01-13 Thread Gerhard Lausser
Hi, > In the same way, imho, securing the livestatus module socket > should be thought about (for example limiting hosts/IP that > can send requests), against malicious users that could send > external commands or malformed requests (DoS). That's true, but I don't think this belongs in the

[Shinken-devel] Authentification between daemons

2011-01-13 Thread Laurent Guyon
Hi Jean, I just saw on git that you have begun to work on securing communications using SSL. My question: will the SSL be used only to encrypt communications, or also to make some authentication between daemons to secure the infrastructure? Because I've made some experiments today and actuall