-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Jeffrey Hass Sent: den 29 januari 2014 11:11 To: CentOS mailing list Subject: Re: [CentOS] NIS or not?
Almost forgot, //Sorin:
SSL uses public key cryptography:
- You (or your browser) has a public/private keypair
- The server has a public/private key as well
- You generate a symmetric session key
- You encrypt with the server's public key and send this encrypted session key to the server.
- The server decrypts the encrypted session key with its private key.
- You and the server begin communicating using the symmetric session key (basically because symmetric keys are faster).
Kerberos does not use public key cryptography. It uses a trusted 3rd party. Here's a sketch:
- You both (server and client) prove your identity to a trusted 3rd party (via a /secret/).
- When you want to use the server, you check and see that the server is trustworthy. Meanwhile, the server checks to see that you are trustworthy. Now, mutually assured of each others' identity. You can communicate with the server.
I'm always nervous about 'trusted third parties..' Can you imagine.. That's what holds our credit cards and such, like, um, at Target.. the trusted 'third-party...' Damn, people really go for that??? See, it's a hard call, isn't it??
// weigh it all out... // and make sure you get buy in and put the DISCLAIMERS in your documentation and on the Wiki's because it will come back to you at some point ..... if it ever goes down...
BEWARE of anything related to Security solutions on the Net -- because most don't have more than three or four years experience. Most.
Thanks for your insights. Appreciated.
My boss just looks funny at me when I ask him about security and has he considered all those post-Snowden details. 8-)
I've begun dabbling a bit with SSL while I did the Owncloud-testing and running. -- //Sorin