Re: Why all the open ports?



* Maciej Stachowiak
| Derek Simkowiak <dereks@kd-dev.com> writes:
| 
| > 	Another Gnome security concern not yet addressed (except above :)
| > is the encryption of Gnome's CORBA communications.  Personally, I think
| > that encryption should be left to the VPN and that ORBit's network traffic
| > should be clear.  Leave encryption to the encryption experts, the makers
| > of SSH, vpnd, PPTP, and IPv6.
| > 
| 
| One of the best-established security principles is that security must
| be end-to-end to be truly effective. A VPN or IPsec can keep your data
| secure from outsiders but does nothing to protect you from threats
| inside your VPN.

I couldn't agree more. True end-to-end security is in my opinion "The
Only Right Solution" in the long term. It is also the hardest solution
to implement.

There is a CORBA security service. I have only browsed the spec, but
it might be worth looking into. From what I can remember the CORBA
security service could for example utilize Kerberos for authentication
and encryption services.

If the end-to-end security approach were used it would be possible to
authenticate access to CORBA objects on a per-user basis. I could for
example access objects running on my home machine from work without
worrying too much about security issues. 

But I am probably just dreaming.

                                           Per Kristian   



