This page is no longer maintained; the current one is at https://www.tiian.org/flom/security/Security.html
FLoM security is based on two major topics:
The source code of FLoM has not yet been reviewed by a security expert.
Please note that there is no guarantee related to FLoM security: you can use it, in accordance with the terms of the GNU General Public License, at your own risk.
If you are a security expert and you want to collaborate, please post your feedback using the Discussion forum.
There are 3 different security levels:
1. no security: this is the default behavior
2. channel encryption: this is the easiest security level to configure
3. mutual authentication: this is the strongest security level offered by FLoM
The default behavior of FLoM is to use clear text TCP/IP sessions without any type of security: the traffic is neither encrypted nor is either peer authenticated.
With this configuration:
With this configuration, FLoM uses the TLS standard to encrypt the TCP/IP network traffic and:
Node 1 uses an X.509 certificate signed by the certification authority CA1.
Node 2 uses an X.509 certificate signed by the certification authority CA1.
Nodes 1, 2, 3 and 4 use the same X.509 certificate signed by a certification authority.
In general, you can create a network of secured peers with a set of X.509 certificates signed by a single certification authority. A trivial configuration is the re-use of the same certificate for many peers. Keep in mind that a shared certificate (and therefore a shared private key) protects the channel but does not identify the peer: any system holding a copy of it can join.
This configuration extends Channel Encryption with a dedicated X.509 certificate for every node/system (physical or virtual) that hosts FLoM processes.
This security level requires a more complex setup, but adds a security constraint: only the nodes/systems with a dedicated X.509 certificate signed by a specific certification authority can join and work together.
Every node in the network has its own Unique ID, which can be retrieved with the command:
flom --unique-id
(FLoM uses D-Bus to retrieve the system unique identifier.)
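As an added example, not part of this page or of the FLoM project, the following POSIX shell script builds the certificate layout described above with the openssl command line (one certification authority, CA1, a dedicated certificate per node, plus a certificate from an unrelated CA) and then applies the two acceptance rules the security levels imply: for Channel Encryption the peer certificate must chain to CA1; for Mutual Authentication it must additionally be the dedicated certificate of the expected node. The mapping of the node's Unique ID to the certificate CN, the sample IDs, and the helper functions (make_ca, issue_node_cert, channel_ok, peer_ok) are assumptions made for this example, not documented FLoM behaviour; on a real node the ID would come from flom --unique-id.

```shell
#!/bin/sh
# Added example, not FLoM's own code. Assumptions (not stated on the page):
# each per-node certificate carries that node's FLoM unique ID as its CN, and
# a peer is accepted when its certificate chains to CA1 (channel encryption)
# and, for mutual authentication, its CN equals the unique ID expected for it.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: self-signed certification authority key and certificate
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue_node_cert CA NODE ID: key and certificate for NODE with CN=ID, signed by CA
issue_node_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    openssl x509 -req -days 365 -in "$WORK/$2.csr" \
        -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" -CAcreateserial \
        -out "$WORK/$2.crt" 2>/dev/null
}

# channel_ok CA NODE: channel-encryption rule, the peer certificate must chain
# to the trusted CA (returns 0 when it does)
channel_ok() {
    openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" >/dev/null 2>&1
}

# peer_ok CA NODE ID: mutual-authentication rule, chain to the CA and carry
# the expected unique ID in the subject CN
peer_ok() {
    channel_ok "$1" "$2" || return 1
    cn=$(openssl x509 -noout -subject -nameopt RFC2253 -in "$WORK/$2.crt" \
        | sed 's/^subject=//; s/^ *//')
    [ "$cn" = "CN=$3" ]
}

# Constructed sample unique IDs; a real node would use: flom --unique-id
NODE1_ID=8f1e2d3c4b5a69788796a5b4c3d2e1f0
NODE2_ID=0f1e2d3c4b5a69788796a5b4c3d2e1f8

make_ca CA1
make_ca CA2                          # an unrelated CA that CA1 peers must reject
issue_node_cert CA1 node1 "$NODE1_ID"
issue_node_cert CA1 node2 "$NODE2_ID"
issue_node_cert CA2 rogue "$NODE2_ID" # claims node 2's ID, but signed by CA2

report() { if "$@"; then echo "accept: $*"; else echo "reject: $*"; fi; }
report channel_ok CA1 node1             # chains to CA1
report channel_ok CA1 rogue             # CA2 is not trusted, CN does not matter
report peer_ok CA1 node1 "$NODE1_ID"    # dedicated certificate of node 1
report peer_ok CA1 node1 "$NODE2_ID"    # node 1's certificate cannot stand in for node 2
report peer_ok CA1 rogue "$NODE2_ID"    # right ID, wrong CA
```

The last two checks show why the shared-certificate shortcut of Channel Encryption only encrypts: with one certificate for every node, peer_ok can no longer tell node 1 from node 2, while a dedicated certificate per node lets the accepting side bind the TLS identity to a specific Unique ID.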
With mutual authentication you have to:
Follow these links for a full description of the configuration examples:
TLS can be difficult to debug due to many possible issues:
FLoM provides an integrated debugging tool that can be used to test a TLS client/server or peer-to-peer connection.
There are two debugging sessions available:
Wiki: Channel Encryption Debug
Wiki: Channel Encryption
Wiki: Mutual Authentication Debug
Wiki: Mutual Authentication