vrs-development
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fwd: Re: [Vrs-development] More info

From: Open Source
Subject: Re: Fwd: Re: [Vrs-development] More info
Date: Thu, 14 Mar 2002 15:29:37 -0800 (PST) 
> > We will have to support server and client
> > authentication for web services. We could treat
> that
> > as one of the plugin for the Service framework
> > 
> > 
> 
> exactly.
> .  Probably, we will use SSL, for
> > > several reasons.  One, it's simple to implement.
> > And
> > > two, SSL traffic on the net is difficult to
> > isolate
> > > because of it's common use in commercial
> traffic.

Why not use IDSec for this purpose? Do u think it
might fit our work?

> > Good enough. We also might have consider export
> > conditions of various countries which prevent
> > certain
> > the spread of 128 bit encryption. This means that
> > different algorithms will have to be used for a
> > network as global as VRS.
> > 
> 
> Export from where?  I believe that the USA is the
> only
> one with issues about this.  But in what way can the
> results of this project be construde as being
> exported
>  to anywhere from the USA. or anywhere else, for
> that
> matter?

I wasn't thinking abt this project alone. I was
thinking of a cluster in US with a LDS from another
country joining this node. Will not the export policy
of US prevent the LDS from providing maybe a 128 bit
encryption? If we decide to use SSL, then we might
have to provide a 40 bit encryption for LDS outside US
soil.

> > > > > There does exists the possibility of IP
> > address
> > > > > spoofing, however.
> > > > Once the client and the server authenticate, i
> > > don't
> > > > think there will be any IP spoofing.
> > > > 
> > > Great.  I don't know much about this particular
> > > area.
> > It all depends on how determined the hacker is.
> >
> 
> 
> We are going to need to enumerate all of the attacks
> that we can imagine on this thing.  And the sooner
> we
> do that the better.  
 
> Know anyone who might bring some expertese to that?
> 
>  
We could try this on the All hands meet.

I have an idea. It is quite difficult to determine
when an attack can take place. Don't u think it will
be better if we have a default intrusion detection
system in place such as netsaint (www.netsaint.org),
opennms (www.opennms.org), snort
(www.sourcefire.com/snort)

[snip]

__________________________________________________
Do You Yahoo!?
Yahoo! Sports - live college hoops coverage
http://sports.yahoo.com/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]