On 26 January 2011 at 13:57, David Voit <david@codersau.de> wrote:

> 2.) Do we really need client authentication, for every component? For the
> arbiter, sure we need it - else we get a botnet like system. But the other
> components?
>      Reactionner and broker need to authenticate too, else the "bad guys"
> could get secret data (all theoretical)



I'd say yes, all components must securely connect to others to avoid any security breach.



> 3.) What about self-signed keys? We could add known_hosts and
> authorized_keys infrastructure instead of the CA handling. I have sample
> code for this,
>     but this needs a callback infrastructure in Pyro (set_verify callback
> interface). Is it worth it?



Pyro is already not very smart, and you wanna make this even more dirty :p


More seriously, I personally prefer the CA way, more natural and "professional" imho.


We also discussed the future possibility of making certificate creation automatic for components (scheduler, poller, broker, reactionner), as is done in the Prelude IDS project.



> I also recommend that we don't ship certs with the tarball, but generate
> them at install time.



+1, I've already pointed that out ;)