Our "monolithic" program (which runs in well under a meg including
the program and all memory it uses) is monitored for correct hash (an
algorithm we have to give a 21 byte hash total of files for which I
have never seen two different files with the same hash) from an
off-site program AND onsit
Kristen,
Your points are all good. However, I have found the compatibility
not good with customer installed versions versus my own. One of the
problems, for example, could be that openssl compiles with a certain
type of threads, not the same as your application. Same with
semaphores and wh
On 10/28/11 12:39 PM, Eric S. Eberhard wrote:
I have an easy solution I use because not only do you have the problem with
admins not having the library installed, you have the problem of them having the
wrong version installed for something they need. Your app or theirs won't work.
Or yours wil
I have an easy solution I use because not only do you have the
problem with admins not having the library installed, you have the
problem of them having the wrong version installed for something they
need. Your app or theirs won't work. Or yours will, and they update
openssl and it no longer
After all my wrangling, I'm leaning towards just using client certs.
Is it a reasonable assumption that on UNIX'es these days I can
expect to find libssl.so AND the openssl command line?
If not, is it reasonable to assume that A sysadmin will
install openssl to get my app to work?
Otherwise, it
On Wed October 26 2011, Kristen J. Webb wrote:
> Having an app that can use certs, it
> appears, is nothing compared with how to deploy it and manage those certs ;)
> >
A general truism not specific to "certs".
Recognizing (or implementing) a "need for trust" is one thing;
Determining (or establi
On 10/27/2011 2:14 AM, Kristen J. Webb wrote:
On 10/8/11 1:16 AM, Michael Sierchio wrote:
On Fri, Oct 7, 2011 at 7:40 PM, Kristen J.
Webb wrote:
My understanding is that a TLS connection with a server cert
only identifies the server to the client. This leads to a MiTM
attack, where the mit
On 10/26/11 6:35 PM, Wim Lewis wrote:
On 7 Oct 2011, at 7:40 PM, Kristen J. Webb wrote:
I'm exploring the security of TLS for TCP/IP connections.
I would like to establish TLS connections using server certificates
(managing client certs via external or internal PKI is painful).
My understandi
On 7 Oct 2011, at 7:40 PM, Kristen J. Webb wrote:
> I'm exploring the security of TLS for TCP/IP connections.
> I would like to establish TLS connections using server certificates
> (managing client certs via external or internal PKI is painful).
> My understanding is that a TLS connection with a
On 10/8/11 1:16 AM, Michael Sierchio wrote:
On Fri, Oct 7, 2011 at 7:40 PM, Kristen J. Webb wrote:
My understanding is that a TLS connection with a server cert
only identifies the server to the client. This leads to a MiTM
attack, where the mitm can impersonate the client because the server
On Fri, Oct 7, 2011 at 7:40 PM, Kristen J. Webb wrote:
>
> My understanding is that a TLS connection with a server cert
> only identifies the server to the client. This leads to a MiTM
> attack, where the mitm can impersonate the client because the server
> has not verified the client.
Your unde
Hi All,
I'm exploring the security of TLS for TCP/IP connections.
I would like to establish TLS connections using server certificates
(managing client certs via external or internal PKI is painful).
My understanding is that a TLS connection with a server cert
only identifies the server to the clie
12 matches
Mail list logo