[Bug 2182151] Review Request: ktls-utils - TLS Handshake agent for kernel sockets

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



https://bugzilla.redhat.com/show_bug.cgi?id=2182151



--- Comment #60 from Chuck Lever <chuck.lever@xxxxxxxxxx> ---
(In reply to Daiki Ueno from comment #59)
> At first glance, the certificate verification looks good to me, except that
> I'm unsure what HANDSHAKE_AUTH_UNAUTH actually means: is it a certificate
> authentication without checking the result, or actual anonymous
> authentication that can be done with the gnutls_anon_* API? If the answer is
> the format, we might want to disable it by default.

The point of the "anon" authentication type is to use x.509 but only require
that the client authenticate the server. The client then does not need an x.509
certificate -- it's one way to enable a private connection without needing to
distribute authentication material to perhaps many thousands of clients.

The use of this mode is controlled by the administrators of both the client and
server -- they can require encryption and/or authentication before the client
is permitted access to the server's data, or allow the use of encryption if
it's available on both sides.

I would rather allow administrators to control whether this option is
available.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
https://bugzilla.redhat.com/show_bug.cgi?id=2182151

Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202182151%23c60
_______________________________________________
package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite Conditions]     [KDE Users]

  Powered by Linux