Re: [Clockwork-developers] More on security
From: Shawn M. <smc...@ei...> - 2003-01-26 21:39:17
On Sun, Jan 26, 2003 at 03:36:43PM -0500, Joel Loudermilk said:
>
> key. Shawn explained to me that the keys are symmetric, meaning that you
> can either encrypt a message with the public key and decrypt it with the
> private key, or you can encrypt with the private key and decrypt with the
> public key.

Actually, that makes them asymmetric, but you have the technical gist
correct.

> message. I suppose we could make this communication not encrypted, but just
> with a digital signature in it, but it seems awful easy to make the whole
> conversation encrypted, and then there are no issues with someone snooping
> secret data (although it's probably not very important data).

Since we have to set up a secure channel anyway, it may be not much of a
performance hit to use it for commands. AES, DES, et al. were designed to
be used on machines as stupid as smart cards, so we should get acceptable
performance.

> (2) How multiple servers work with authentication. My examples above talk
> about multiple agents and one server, but we know there will be multiple
> servers. My first thought is for all servers to have a copy of the
> private key. I think this would still be secure, and would allow everything
> to continue to work as I described.

I agree.

> that level of security could be optional. Also, the administrator needs to
> be able to change the schedule's key pair if it's compromised. It would be
> nice if this could be done without stopping the servers (outages are bad,
> right?). If we make it difficult to change the key pair, the administrator
> will be less likely to do it.

We could make a mechanism for distribution of new keys over the existing
channel, but you wouldn't want it to be the only way, in case your reason
for sending new keys was because the old ones were compromised. But as a
prophylactic measure it'd be useful.

-- 
Shawn McMahon         | Every time you walk out of the house
FedEx Services        | with clothes on, you give up freedom
DSS-MCO Security Lead | for temporary safety.
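
The key-distribution point at the end of the message, as an added example that is not part of the original post or of Clockwork's code: an agent accepts a routine rotation authenticated under its current key, but refuses that in-band path once the key is marked compromised and needs a direct install instead. The class, function and field names and the JSON layout are assumptions, and an HMAC under a shared key stands in for a signature made with the schedule's key pair, since the Python standard library has no public-key signing.

```python
import hashlib
import hmac
import json


def make_rotation(current_key: bytes, new_key: bytes, key_id: int):
    """Server side: build a rotation message authenticated under the current key."""
    msg = json.dumps({"key_id": key_id, "new_key": new_key.hex()}).encode()
    return msg, hmac.new(current_key, msg, hashlib.sha256).digest()


class Agent:
    """Hypothetical agent; names and message layout are assumptions of this example."""

    def __init__(self, key: bytes, key_id: int = 1):
        self.key, self.key_id = key, key_id
        self.compromised = False  # set locally by the administrator, never in-band

    def handle_rotation(self, msg: bytes, tag: bytes) -> bool:
        """In-band path: the message arrives over the existing (encrypted) channel."""
        if self.compromised:
            return False  # the old key proves nothing once it has leaked
        expected = hmac.new(self.key, msg, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False
        body = json.loads(msg)
        if body["key_id"] != self.key_id + 1:
            return False  # replayed or out-of-order rotation
        self.key, self.key_id = bytes.fromhex(body["new_key"]), body["key_id"]
        return True

    def install_out_of_band(self, new_key: bytes, key_id: int) -> bool:
        """Fallback path: the administrator installs the key directly on the host."""
        if key_id <= self.key_id:
            return False  # never roll back to an older key
        self.key, self.key_id, self.compromised = new_key, key_id, False
        return True


if __name__ == "__main__":
    k1, k2 = b"constructed-key-1", b"constructed-key-2"  # constructed sample keys
    agent = Agent(k1)
    print(agent.handle_rotation(*make_rotation(k1, k2, 2)))  # routine rotation
    agent.compromised = True  # administrator learns that k2 has leaked
    print(agent.handle_rotation(*make_rotation(k2, b"untrusted", 3)))
```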