Re: [gomd-devel] Authentication follow-up

[Gian Paolo Ghilardi]

Hi roeles.

Some words about the encryption issue.

Of course, as gomd is growing up, we need to implement a good security
level.
Encryption is just one of the thing needed.

As gomd can be contacted also by telnet clients, encryption cannot be used.
So we've to distinguish amongst the clients.

My idea is to provide a seclevel-by-client mechanism.
- if gomd is contacted by a client using encryption, gomd will speak with
encryption => all permissions granted
- if gomd is contacted by a client _not_ using encryption, gomd will speak
without encryption => ACL+strict security mode enabled.

This stuff will be implemented after the first beta release.

Obviously, every comment/suggestion/hint is welcome. :)))

Byez.

<rejected>

----- Original Message -----
From: <address@hidden>
To: "gomd developers mailing list" <address@hidden>
Sent: Sunday, September 28, 2003 2:35 PM
Subject: [gomd-devel] Authentication follow-up


> Hi,
>
> I just thought the whole login-stuff over with a friend of me (who is a
> huge supporter of openBSD and security..)
>
> The whole connection between gomd and the client will have to be encrypted
> in some kind of way.
> When a client has authenticated and logged in, another host will be able
to
> take over the (then unencrypted) connection. To prevent this from
happening
> I think we should think of a way to secure the whole connection. My idear
> is to use SSL, since it is widely used and accepted to be secure. All
major
> languages have some kind of SSL support, so implementing it will be most
> easy and secure.
>
> cheers,
>
> Roel
>
>
> --
> _____________________________________________________________________
> Snel en voordelig ADSL nu voor iedereen bereikbaar.
> Zon Breedband Budget voor EUR 14,95 per maand.
> Nu tijdelijk geen aansluitkosten. Bestel snel op zonnet.nl/breedband
>
>
>
> _______________________________________________
> gomd-devel mailing list
> address@hidden
> http://mail.nongnu.org/mailman/listinfo/gomd-devel