On the other hand, good crypto is not just based on obscurity, so if it
is open source as it is, it must also be bad-government-proof and
NSA-proof ... I can't guarantee that at the present moment.
I will look into mTLS tomorrow; I need a good night's sleep over the
whole thing.
Mirsad
On 2/7/2022 7:51 PM, Paul Wouters wrote:
If you feel the PAM TLS calls need more than server-side cert verification,
you should look into client authentication, e.g. mTLS. Don't invent your own
crypto.
Paul
--
Mirsad Goran Todorovac
CARNet sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
--
CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
tel. +385 (0)1 3711 451
mob. +385 91 57 88 355
_______________________________________________
Swan mailing list
https://lists.libreswan.org/mailman/listinfo/swan