>> Imho authentication only makes sense with encryption as well. > > I don't think this is true. > Assume 2 computers, Server and Client, with both and > the network between them under the same administrative control, > which prevents snooping. This scenario does not really need > encryption. It does, however, need authentication, or a non-root > user on client could access any server resource simply by opening > a socket.
Hmm indeed that is an issue, this regular user connecting. Maybe we can introduce a preshared handshake or so: server: hi client, hash this challenge with our preshared key concattenated to it client: ... and vice versa where challenge is for example a 16 byte (byte, not bit) random. ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 _______________________________________________ Nbd-general mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nbd-general
