Core 4 Remote Workers

Holger Weiß holger at CIS.FU-Berlin.DE
Tue Feb 5 20:45:30 CET 2013


* Daniel Wittenberg <daniel.wittenberg.r0ko at statefarm.com> [2013-02-05 17:04]:
> I like the idea of libssh2. SSH is simpler both in concept and
> implementation than a PKI.

FWIW, another option would be TLS-PSK as per RFC 4279 (supported by
various TLS libraries, including OpenSSL and GnuTLS).

> In either case, we should definitely have a cleartext option too, for
> debugging if nothing else.

RFC 4785 specifies TLS-PSK without encryption, but I'm not aware of an
implementation that supports this (though there's a trivial patch
against OpenSSL floating around).

Either way, I'd agree that pre-shared keys are more appropriate than a
PKI for this use case.

Holger





More information about the Developers mailing list