Subj : RE: Secure binkp
To : Oli
From : NuSkooler
Date : Wed Nov 27 2019 09:25 am
Oli around Wednesday, November 27th...
Ol> For testing we can use self-signed certs.
If you don't want to muck around with CA's (I'd highly recommend you *do*; ACME
/ Let's Encrypt works very well -- but you *do* need domains and the like),
the "sign up" process simply becomes "Trust this particular cert", which isn't
really that bad.
On Wednesday, November 27th Oli said...
Ol> What is still missing is some authentication of incoming connections if
Ol> no session password is configured. On the TLS level we could use client
Ol> certificates, but it would make everything more complicated and less
Ol> flexible.
I've used client authentication many times over the years, what are your
concerns over complexity/less flexible here? As for passwords, they are now OK
to send as they don't go over the wire unless the TLS handshake completes (or
maybe I'm misunderstanding what you're saying here).