[CentOS] NIS or not?

Sorin Srbu Sorin.Srbu at orgfarm.uu.se
Wed Jan 29 10:30:47 UTC 2014


> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of Jeffrey Hass
> Sent: den 29 januari 2014 11:11
> To: CentOS mailing list
> Subject: Re: [CentOS] NIS or not?
>
> Almost forgot, //Sorin:
>
> SSL uses public key cryptography:
>
>  1. You (or your browser) have a public/private keypair
>  2. The server has a public/private key as well
>  3. You generate a symmetric session key
>  4. You encrypt with the server's public key and send this encrypted
>     session key to the server.
>  5. The server decrypts the encrypted session key with its private key.
>  6. You and the server begin communicating using the symmetric session
>     key (basically because symmetric keys are faster).
>
> Kerberos does not use public key cryptography. It uses a trusted 3rd
> party. Here's a sketch:
>
>  1. You both (server and client) prove your identity to a trusted 3rd
>     party (via a /secret/).
>  2. When you want to use the server, you check and see that the server
>     is trustworthy. Meanwhile, the server checks to see that you are
>     trustworthy. Now, mutually assured of each other's identity, you can
>     communicate with the server.
>
>
> I'm always nervous about 'trusted third parties..' Can you imagine..
> That's what holds our credit cards and such,
> like, um, at Target.. the trusted 'third-party...' Damn, people really
> go for that??? See, it's a hard call, isn't it??
>
> // weigh it all out... //  and make sure you get buy in and put the
> DISCLAIMERS in your documentation and on the Wikis because
> it will come back to you at some point ..... if it ever goes down...
>
> BEWARE of anything related to Security solutions on the Net -- because
> most don't have more than three or four years' experience.
> Most.

Thanks for your insights. Appreciated.

My boss just looks funny at me when I ask him about security and whether he
has considered all those post-Snowden details. 8-)

I've begun dabbling a bit with SSL while I did the ownCloud testing and
running.
--
//Sorin
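
The trusted-third-party sketch in the quoted message, as an added Python example that is not part of either poster's message and is not Kerberos' own code. The names (`alice`, `fileserver`, `kdc_issue`, `client_request`, `server_accept`) and the secrets are constructed, and `seal`/`unseal` use an HMAC-SHA256 stand-in cipher instead of a real Kerberos encryption type.

```python
import hashlib, hmac, json, os, time

def _stream(key, nonce, n):
    # Keystream from HMAC-SHA256 in counter mode (stand-in cipher, not a Kerberos enctype).
    out = b""
    for i in range((n + 31) // 32):
        out += hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def seal(key, obj):
    # Encrypt-then-MAC a JSON object under a shared secret.
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    # Reject anything that was not produced with the same secret.
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

# Constructed long-term secrets, each shared only with the trusted third party (KDC).
SECRETS = {"alice": os.urandom(32), "fileserver": os.urandom(32)}

def kdc_issue(client, server):
    # The KDC invents a session key and wraps one copy for each party.
    sk = os.urandom(32).hex()
    for_client = seal(SECRETS[client], {"server": server, "sk": sk})
    ticket = seal(SECRETS[server], {"client": client, "sk": sk, "exp": time.time() + 300})
    return for_client, ticket

def client_request(name, secret, for_client):
    # Only the real client can open for_client and so learn the session key.
    sk = bytes.fromhex(unseal(secret, for_client)["sk"])
    return sk, seal(sk, {"client": name, "ts": time.time()})

def server_accept(secret, ticket, authenticator, now=None):
    # Only the real server can open the ticket; it then checks the client's proof.
    now = time.time() if now is None else now
    t = unseal(secret, ticket)
    sk = bytes.fromhex(t["sk"])
    a = unseal(sk, authenticator)
    if a["client"] != t["client"] or now > t["exp"] or abs(now - a["ts"]) > 60:
        raise ValueError("ticket expired or authenticator mismatch")
    return t["client"], seal(sk, {"ts": a["ts"] + 1})  # proves the server knew sk
```

The client completes the mutual check by opening the server's reply with the session key and confirming it carries its own timestamp plus one.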

