On Wed, Jan 26, 2011 at 2:56 PM, Laurent Guyon <lguyon@adelux.fr> wrote:


On January 26, 2011 at 13:57, David Voit <david@codersau.de> wrote:

and welcome on board :)

> 2.) Do we really need client authentication, for every component? For the
> arbiter, sure we need it - else we get a botnet like system. But the other
> components?
>      Reactionner and broker need to authenticate too, else the "bad guys"
> could get secret data (all theoretical)



I'd say yes, all components must securely connect to others to avoid any security breach.

Yes, there are lists of servers and things like that. It's better to encrypt all of this if the admin wants it, and it's not much harder to add such a feature for all daemons, and after all, it's already done :p



> 3.) What about self-signed keys? We could add known_hosts and
> authorized_keys infrastructure instead of the CA handling. I have sample
> code for this,
>     but this needs a callback infrastructure in pyro (set_verify callback
> interface). Is it worth it?



Pyro is already not very smart, and you wanna make this even more dirty :p

Yes indeed. There are strange things. The server.pem and client.pem are not very clear. You never know which one it is using, and there is no Pyro way to change the name of client.pem for example. It's not good but I didn't find how to avoid this :(


More seriously, I personally prefer the CA way, more natural and "professional" imho.

Yes, it's "harder" but far better than just an encrypted channel. We also get auth with it.


We also discussed the future possibility of making certificate creation automatic for components (scheduler, poller, broker, reactionner), as done in the Prelude IDS project.



> I also recommend that we don't ship certs with the tarball, but generate
> them at install time.



+1, I've already pointed that out ;)

Yes, it can be a very interesting feature :)
I don't know where the best place for this is (hook in setup.py or in the packager code for installing)? Is there a packager guy to help us on this point? How is this thing managed in the other projects?

We propose sample certificates that are good for encrypting the channel against dummy attacks, but they're not safe enough (everyone has them!) for a true attack in the real world. So auto-generation should be a good thing if we achieve it.
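
The install-time generation discussed in this thread, sketched as an added example that is not part of the original messages or of Shinken's code: each installation creates its own CA and one certificate per daemon, so no private key is shared between installs. The function names, file layout and CN values are assumptions; the `openssl` command line is assumed to be available.

```shell
#!/bin/sh
# Added example: per-install CA plus one certificate per daemon.
# Directory layout, file names and CN values are assumptions.

DAEMONS="arbiter scheduler poller broker reactionner"

# gen_pki DIR [HOSTNAME]: create a fresh CA and daemon certificates in DIR.
gen_pki() {
    dir=$1
    host=${2:-localhost}
    mkdir -p "$dir" || return 1
    chmod 700 "$dir"
    old_umask=$(umask)
    umask 077    # private keys are created unreadable to other users

    # Self-signed CA, unique to this installation.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=shinken-local-ca" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null ||
        { umask "$old_umask"; return 1; }

    for d in $DAEMONS; do
        # Key and signing request for one daemon, then sign it with the CA.
        openssl req -new -newkey rsa:2048 -nodes -sha256 \
            -subj "/CN=$d.$host" \
            -keyout "$dir/$d.key" -out "$dir/$d.csr" 2>/dev/null &&
        openssl x509 -req -sha256 -days 825 -in "$dir/$d.csr" \
            -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
            -out "$dir/$d.pem" 2>/dev/null ||
            { umask "$old_umask"; return 1; }
        rm -f "$dir/$d.csr"
    done
    umask "$old_umask"
}

# verify_pki DIR: succeed only if every daemon cert chains to DIR's CA.
verify_pki() {
    dir=$1
    for d in $DAEMONS; do
        openssl verify -CAfile "$dir/ca.pem" "$dir/$d.pem" >/dev/null 2>&1 || return 1
    done
}

# cert_fp FILE: SHA-256 fingerprint, for comparing two installations.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}
```

A certificate issued on one installation fails verification against another installation's CA, which is the property the shipped sample certificates cannot give.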






Shinken-devel mailing list