On Tue, 8 Aug 2000, Pavel Roskin <[EMAIL PROTECTED]> wrote:
[...]
>> > The console should be properly secured. The keyboard can be
>> > secured. The serial line can be secured. Ethernet is much harder to
>> > secure. There are often hundreds computers on the same segment.
>>
>> As far as one uses the network support, he must always trust that
>> his local net is enough secure, anyway, because we don't use any
>> secure transport protocol, like SSH. Then, why is it less secure to
>> add network console support?
>
> It is not less secure than TFTP, but encryption _assumes_ better
> security.
Ah, disagreement. Encryption may lead an unknowing user to assume they
have better security. The Encryption itself is nothing more than a tool.
> We shouldn't fool users and give them code that only makes any
> difference under very limited conditions.
I agree. This is why the *most* important part of a patch I submit that
adds any sort of crypto to GRUB will be the documentation. Code for the
end user...
> One thing that could improve security in a generic situation would be
> two-way authentication between the client (GRUB) and TFTP server. But
> it is not what was proposed in this case.
One thing that would improve the security in one particular circumstance
is that authentication. FWIW, the code I am proposing does give
authentication *as long as* the secret key on both client and server is
protected...
This does not have much to do with sending console commands over a
network, though.
Daniel
--
What was once called the objective world is a sort of Rorschach ink blot, into
which each culture, each system of science and religion, each type of
personality, reads a meaning only remotely derived from the shape and color of
the blot itself.
-- Lewis Mumford
