Re: NIS or not?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



> -----Original Message-----
> From: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx] On
> Behalf Of Jeffrey Hass
> Sent: den 29 januari 2014 11:11
> To: CentOS mailing list
> Subject: Re:  NIS or not?
>
> Almost forgot, //Sorin:
>
> SSL uses public key cryptography:
>
>  1. You (or your browser) has a public/private keypair
>  2. The server has a public/private key as well
>  3. You generate a symmetric session key
>  4. You encrypt with the server's public key and send this encrypted
>     session key to the server.
>  5. The server decrypts the encrypted session key with its private key.
>  6. You and the server begin communicating using the symmetric session
>     key (basically because symmetric keys are faster).
>
> Kerberos does not use public key cryptography. It uses a trusted 3rd
> party. Here's a sketch:
>
>  1. You both (server and client) prove your identity to a trusted 3rd
>     party (via a /secret/).
>  2. When you want to use the server, you check and see that the server
>     is trustworthy. Meanwhile, the server checks to see that you are
>     trustworthy. Now, mutually assured of each others' identity. You can
>     communicate with the server.
>
>
> I'm always nervous about 'trusted third parties..' Can you imagine..
> That's what holds our credit cards and such,
> like, um, at Target.. the trusted 'third-party...' Damn, people really
> go for that??? See, it's a hard call, isn't it??
>
> // weigh it all out... //  and make sure you get buy in and put the
> DISCLAIMERS in your documentation and on the Wiki's because
> it will come back to you at some point ..... if it ever goes down...
>
> BEWARE of anything related to Security solutions on the Net -- because
> most don't have more than three or four years experience.
> Most.

Thanks for your insights. Appreciated.

My boss just looks funny at me when I ask him about security and has he 
considered all those post-Snowden details. 8-)

I've begun dabbling a bit with SSL while I did the Owncloud-testing and 
running.
--
//Sorin
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux