TCP/IP transport status
gillou.ray at free.fr
gillou.ray at free.fr
Sun Jun 6 08:24:50 PDT 2010
On Sun, 6 Jun 2010 08:58:24 -0400
Havoc Pennington <hp at pobox.com> wrote:
> 2010/6/5 Rémi Denis-Courmont <remi at remlab.net>:
> > This is largely inherit to TCP itself. I fail to see how "progress"
> > could be made.
> >
>
> It is fairly simple to make it work just like X, which is the common
> case.
>
> * make ssh forwarding work automatically, which does the encryption
As long as it requires the user to manually set up this, I consider such
a thing as a last resort hack. Thanks for the tip :)
> * with a shared NFS homedir, authentication should then work fine
> (uses the existing cookies in homedir)
> * could extend the authentication with tools to support manually
> copying auth cookies around for non-shared homedir, or even put
> cookies on X server
I understand the trick. Same as previous remark.
> For cases other than X sessions, you'd have to see what you need for
> those. There is an "anonymous" auth mechanism already if you want to
> make a dbus server that is just a network server taking anonymous
> connections, like http.
I saw that, at least we can avoid the authentication and send
everything in clear.
Are the dbus developpers interested in adding a new
authentication/encryption system ? Like something for instance based on
preshared static keys, like the openvpn method [0]. Does it sounds
technically possible ? What if someone would send a patch for this ?
[0]
http://openvpn.net/index.php/open-source/documentation/security-overview.html
-- Gilles
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/dbus/attachments/20100606/9bfdcd02/attachment.pgp>
More information about the dbus
mailing list