Meenakshi:
Hello! I was wondering if you'd like me to email you a
copy of the 0.99 snapshot for your review. I've been testing it
today, and I think it's ready to be released.
thanks,
Scott
On Thu, 12 Dec 2002, Scott C. Best wrote:
> Meenakshi:
>
> Hello again. Some replies:
>
> > For point 5 mentioned by you (after authentication), I also need to
> > know: is the control channel which is set up between User1 and User2
> > secure enough to send the 16-char random string (symmetric password)
> > used for the Data Channel? I assume that the string sent over the
> > control channel is encrypted somehow.
>
> Yes, the control channel is symmetrically encrypted. I am not
> sure how the symmetric keys are generated.
>
> > Also I assume that the control channel is used only to send the
> > symmetric password so that a data channel gets created for all data
> > transactions.
>
> Yes, correct.
>
> > Does the Control channel get reused once a data channel is created, or
> > is it no longer needed?
>
> I suppose it is no longer needed, as a Zebedee connection could
> be opened and used for all subsequent control channel needs. The control
> channel is still needed, of course.
>
> > Is there some lifetime concept for the data channel?
> > If I think of the IKE (Internet Key Exchange) protocol used to negotiate
> > keys for IPSEC, can I relate this Control channel to be similar to IKE
> > Phase 1 and the Data Channel to be similar to IKE Phase 2, though I see a
> > lot of difference in the IKE and Kaboodle implementations? It seems in
> > Kaboodle data keys are not negotiated/generated by both ends; rather a
> > symmetric password from one end is transferred to the other party and
> > then used by both to make the data traffic secure.
>
> I believe the Zebedee channel will periodically renegotiate
> data-channel encryption keys. I don't think the Control channel does,
> however, you're right. Probably the best model for the future would be:
>
> 1. After authentication, Kaboodle used something like DH key exchange
> on port 4282 (maybe UDP).
> 2. Once that key is exchanged, Kaboodle uses it to establish a
> Zebedee-based control channel on TCP port 4282.
> 3. All subsequent control-channel exchanges done across the Zebedee
> based control channel.
>
> I'd have much easier answers to your questions if this is
> how it was done. :)
>
> -Scott
>
>
>
> > On Sun, 8 Dec 2002 16:00:36 -0800 (PST), "meenakshi arora"
> > <[EMAIL PROTECTED]> said:
> >
> > --- "Scott C. Best" <[EMAIL PROTECTED]> wrote:
> > Date: Sat, 7 Dec 2002 21:52:57 +0000 (GMT)
> > From: "Scott C. Best" <[EMAIL PROTECTED]>
> > To: meenakshi arora <[EMAIL PROTECTED]>
> > CC: [EMAIL PROTECTED]
> > Subject: Kaboodle VPN overview
> >
> > Meenakshi:
> >
> > Hello! The biggest limitation of the current VPN feature
> > is the lack of peer review. :) That is, I believe it
> > works as follows:
> >
> > 1. User1 on LAN1 downloads Kaboodle and registers its VPN capabilities
> >    at www.GetEngaged.net. That is, they download a "registration
> >    file", essentially a signed secret-key.
> > 2. User2 on LAN2 does the respective thing for their network.
> > 3. User1 on LAN1 creates a Partnership file with User2 on the same
> >    site. Both users download and install the Partnership file,
> >    essentially a signed public key.
> > 4. User1 or User2 then initiate a connection. Kaboodle does a
> >    Gnutella search for the Partnership file associated with the
> >    connection. Once the file is found, it is authenticated on both
> >    sides using the secret-key information from #1.
> > 5. After authentication, a "control channel" is set up using TCP port
> >    4282. A 16-char random string is transferred across this channel.
> > 6. Using that string as a symmetric password, a Zebedee connection
> >    is initiated from one side to the other, using a user-defined
> >    TCP port (defaults to 11965, the Zebedee default).
> > 7. All data transactions now go across this "data channel".
> >
> > Version 0.99 (which you can get from the "alpha" directory
> > on ftp.Kaboodle.org) should do all of this. I know that using that
> > connection, I can do all of the above and then VNC across the secure
> > connection (I can see from tcp-dumping the LAN traffic that the
> > right ports are being used). I have just not *confirmed* that the
> > security model works exactly as I have specified above. One of the
> > coders may have, unknowingly, taken a shortcut in the interest of
> > functionality.
> > Would you be able to review such a thing?
> >
> > thanks,
> > Scott
> >
> > > > PS: It'd be great if you could join the
> > > > Kaboodle-devel email list.
> > > > I've CC'd it here in my reply.
> > > >
> > > > On Fri, 6 Dec 2002, meenakshi arora wrote:
> > > >
> > > > > Hello Scott,
> > > > > Could you please send me the list of current
> > > > > limitations of the VPN feature which I can start
> > > > > working on. Also if you could send me other features'
> > > > > limitations too, I would like to review them.
> > > > >
> > > > > I would be needing your guidance to choose a direction
> > > > > to start.
> > > > >
> > > > > Thanks,
> > > > > Meenakshi
> > > >
> > > >
> > >
> > >
> > --
> > Meenakshi Vohra
> > [EMAIL PROTECTED]
> >
> >
>
>
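The model Scott sketches in the quoted reply (authenticate first, then a DH exchange on port 4282, then derive the key for a Zebedee-based control channel and keep renegotiating data-channel keys) can be checked end to end with a small simulation. The following is an added illustration, not Kaboodle or Zebedee code: it runs both sides of an ephemeral Diffie-Hellman exchange, derives separate control-channel and data-channel keys per epoch with an HKDF-style construction, and also shows how the 16-char random string of step 5 should be generated. The MODP prime is transcribed from RFC 2409 Group 2 as an assumption (verify against the RFC before relying on it), and the key labels, the epoch counter and the function names are my own choices, not anything from the project.

```python
import hashlib
import hmac
import secrets
import string

# 1024-bit MODP prime from RFC 2409 ("Group 2"), generator 2.
# Transcribed here as an assumption; check it against the RFC before relying on it.
MODP_GROUP2_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)
MODP_GROUP2_G = 2
PUB_BYTES = (MODP_GROUP2_P.bit_length() + 7) // 8   # 128 bytes for a 1024-bit group


def dh_keypair(p=MODP_GROUP2_P, g=MODP_GROUP2_G):
    """Fresh ephemeral key pair per session: a new exponent each time gives forward secrecy."""
    priv = secrets.randbits(256) | (1 << 255)        # keep the exponent large
    return priv, pow(g, priv, p)


def dh_shared_secret(priv, peer_pub, p=MODP_GROUP2_P):
    """Reject degenerate peer values (0, 1, p-1) before exponentiating with them."""
    if not 2 <= peer_pub <= p - 2:
        raise ValueError("peer public value out of range")
    return pow(peer_pub, priv, p).to_bytes(PUB_BYTES, "big")


def hkdf_sha256(ikm, salt, info, length=32):
    """HMAC-SHA256 extract-then-expand (RFC 5869 shape), so channel keys are not the raw DH value."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_channel_keys(shared, initiator_pub, responder_pub, epoch):
    """One key per channel and per epoch; the transcript hash binds keys to the exchanged public values.

    Bumping `epoch` (assumed rekey counter) yields fresh keys from the same shared secret,
    which is the 'periodic renegotiation' the thread asks about.
    """
    transcript = hashlib.sha256(initiator_pub.to_bytes(PUB_BYTES, "big")
                                + responder_pub.to_bytes(PUB_BYTES, "big")).digest()
    salt = transcript + epoch.to_bytes(4, "big")
    return {
        "control": hkdf_sha256(shared, salt, b"control channel key"),
        "data": hkdf_sha256(shared, salt, b"data channel key"),
    }


def random_channel_password(length=16):
    """The 16-char random string of step 5, drawn from a CSPRNG rather than rand()."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def run_handshake(epoch=0):
    """Both sides of the proposed exchange; returns User1's and User2's key sets for comparison.

    The partnership-file authentication of step 4 is assumed to have happened already:
    DH by itself does not tell either side who the peer is.
    """
    u1_priv, u1_pub = dh_keypair()      # User1, the initiator
    u2_priv, u2_pub = dh_keypair()      # User2, the responder
    # Only u1_pub and u2_pub cross the wire on port 4282; private exponents never do.
    u1_keys = derive_channel_keys(dh_shared_secret(u1_priv, u2_pub), u1_pub, u2_pub, epoch)
    u2_keys = derive_channel_keys(dh_shared_secret(u2_priv, u1_pub), u1_pub, u2_pub, epoch)
    return u1_keys, u2_keys


if __name__ == "__main__":
    u1, u2 = run_handshake()
    print("control keys match:", u1["control"] == u2["control"])
    print("data keys match:   ", u1["data"] == u2["data"])
    print("step-5 style password:", random_channel_password())
```

Two points worth checking in a real implementation match what the simulation asserts: the control and data keys must differ (one compromised channel should not hand over the other), and the range check on the peer's public value must run before it is used, otherwise a peer sending 0 or 1 forces a predictable shared secret.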
_______________________________________________
Kaboodle-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/kaboodle-devel