Re: Why all the open ports?

From: Per Kristian Gjermshus <pergj ifi uio no>
To: gnome-components-list gnome org
Subject: Re: Why all the open ports?
Date: 26 Jul 2000 19:49:32 +0200

* Maciej Stachowiak
| Derek Simkowiak <dereks@kd-dev.com> writes:
| 
| > 	Another Gnome security concern not yet addressed (except above :)
| > is the encryption of Gnome's CORBA communications.  Personally, I think
| > that encryption should be left to the VPN and that ORBit's network traffic
| > should be clear.  Leave encryption to the encryption experts, the makers
| > of SSH, vpnd, PPTP, and IPv6.
| > 
| 
| One of the best-established security principles is that security must
| be end-to-end to be truly effective. A VPN or IPsec can keep your data
| secure from outsiders but does nothing to protect you from threats
| inside your VPN.

I couldn't agree more. True end-to-end security is in my opinion "The
Only Right Solution" in the long term. It is also the hardest solution
to implement.

There is a CORBA security service. I have only browsed the spec, but
it might be worth looking into. From what I can remember the CORBA
security service could for example utilize Kerberos for authentication
and encryption services.

If the end-to-end security approach were used it would be possible to
authenticate access to CORBA objects on a per user basis. I could for
example access objects running on my home machine from work without
worrying too much about security issues. 

But I am probably just dreaming.

                                           Per Kristian

Follow-Ups:
- Re: Why all the open ports?
  - From: Michael Rumpf

References:
- Re: Why all the open ports?
  - From: Derek Simkowiak
- Re: Why all the open ports?
  - From: Maciej Stachowiak

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]