Re: Why all the open ports?

[Michael Rumpf <michael rumpfonline de>]

Hi !

Just in case you don't know, I have a link on http://rumpfonline.de/orbit to the SSL version of ORBit. This could maybe serve as a starting point. There is also some info about the Security Service....

Michael

Per Kristian Gjermshus wrote:
> 
> * Maciej Stachowiak
> | Derek Simkowiak <dereks@kd-dev.com> writes:
> |
> | >     Another Gnome security concern not yet addressed (except above :)
> | > is the encryption of Gnome's CORBA communications.  Personally, I think
> | > that encryption should be left to the VPN and that ORBit's network traffic
> | > should be clear.  Leave encryption to the encryption experts, the makers
> | > of SSH, vpnd, PPTP, and IPv6.
> | >
> |
> | One of the best-established security principles is that security must
> | be end-to-end to be truly effective. A VPN or IPsec can keep your data
> | secure from outsiders but does nothing to protect you from threats
> | inside your VPN.
> 
> I couldn't agree more. True end-to-end security is in my opinion "The
> Only Right Solution" in the long term. It is also the hardest solution
> to implement.
> 
> There is a CORBA security service. I have only browsed the spec, but
> it might be worth looking into. From what I can remember the CORBA
> security service could for example utilize Kerberos for authentication
> and encryption services.
> 
> If the end-to-end security approach were used it would be possible to
> authenticate access to CORBA objects on a per user basis. I could for
> example access objects running on my home machine from work without
> worrying too much about security issues.
> 
> But I am probably just dreaming.
> 
>                                            Per Kristian
> 
> _______________________________________________
> gnome-components-list mailing list
> gnome-components-list@gnome.org
> http://mail.gnome.org/mailman/listinfo/gnome-components-list