Core 4 Remote Workers
Holger Weiß
holger at CIS.FU-Berlin.DE
Tue Feb 5 20:45:30 CET 2013

* Daniel Wittenberg <daniel.wittenberg.r0ko at statefarm.com> [2013-02-05 17:04]:
> I like the idea of libssh2. SSH is simpler both in concept and
> implementation than a PKI.

FWIW, another option would be TLS-PSK as per RFC 4279 (supported by
various TLS libraries, including OpenSSL and GnuTLS).

> In either case, we should definitely have a cleartext option too, for
> debugging if nothing else.

RFC 4785 specifies TLS-PSK without encryption, but I'm not aware of an
implementation that supports this (though there's a trivial patch
against OpenSSL floating around).

Either way, I'd agree that pre-shared keys are more appropriate than a
PKI for this use case.

Holger