> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of Jeffrey Hass
> Sent: 29 January 2014 11:11
> To: CentOS mailing list
> Subject: Re: [CentOS] NIS or not?
>
> Almost forgot, //Sorin:
>
> SSL uses public key cryptography:
>
> 1. You (or your browser) has a public/private keypair
> 2. The server has a public/private key as well
> 3. You generate a symmetric session key
> 4. You encrypt with the server's public key and send this encrypted
> session key to the server.
> 5. The server decrypts the encrypted session key with its private key.
> 6. You and the server begin communicating using the symmetric session
> key (basically because symmetric keys are faster).
>
> Kerberos does not use public key cryptography. It uses a trusted 3rd
> party. Here's a sketch:
>
> 1. You both (server and client) prove your identity to a trusted 3rd
> party (via a /secret/).
> 2. When you want to use the server, you check and see that the server
> is trustworthy. Meanwhile, the server checks to see that you are
> trustworthy. Now, mutually assured of each other's identity. You can
> communicate with the server.
>
>
> I'm always nervous about 'trusted third parties..' Can you imagine..
> That's what holds our credit cards and such,
> like, um, at Target.. the trusted 'third-party...' Damn, people really
> go for that??? See, it's a hard call, isn't it??
>
> // weigh it all out... // and make sure you get buy in and put the
> DISCLAIMERS in your documentation and on the Wiki's because
> it will come back to you at some point ..... if it ever goes down...
>
> BEWARE of anything related to Security solutions on the Net -- because
> most don't have more than three or four years experience.
> Most.

Thanks for your insights. Appreciated.
My boss just looks funny at me when I ask him about security and has he considered all those post-Snowden details. 8-)

I've begun dabbling a bit with SSL while I did the Owncloud-testing and running.

--
//Sorin
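
Steps 3 to 6 of the SSL sketch quoted above, as an added example that is not part of the original thread: the client wraps a random session key with the server's public key, the server unwraps it, and both sides then protect traffic with that symmetric key. Assumptions: the RSA key is a toy built from two Mersenne primes with no padding, the HMAC-SHA256 keystream is a stand-in for a real cipher, and all function names are hypothetical; this is not the actual SSL/TLS wire protocol.

```python
import hashlib
import hmac
import secrets

# Toy server RSA key (assumption: two known Mersenne primes, so this runs
# offline; unpadded and far too small for real use).
P, Q = 2**89 - 1, 2**127 - 1
N, E = P * Q, 65537                    # public key, known to the client
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, server only


def client_wrap_key(n, e):
    """Steps 3-4: pick a random session key, encrypt it to the server."""
    session_key = secrets.token_bytes(16)
    return session_key, pow(int.from_bytes(session_key, "big"), e, n)


def server_unwrap_key(wrapped):
    """Step 5: recover the session key with the private key."""
    return pow(wrapped, D, N).to_bytes(16, "big")


def _keystream_xor(key, nonce, data):
    """XOR data with an HMAC-SHA256 counter keystream (stand-in cipher)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, b"enc" + nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


def seal(key, plaintext):
    """Step 6, sender: encrypt, then authenticate nonce and ciphertext."""
    nonce = secrets.token_bytes(12)
    ct = _keystream_xor(key, nonce, plaintext)
    return nonce, ct, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()


def open_sealed(key, nonce, ct, tag):
    """Step 6, receiver: reject tampered traffic before decrypting."""
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    return _keystream_xor(key, nonce, ct)


if __name__ == "__main__":
    key, wrapped = client_wrap_key(N, E)
    nonce, ct, tag = seal(key, b"hello over the session key")  # constructed message
    print(open_sealed(server_unwrap_key(wrapped), nonce, ct, tag))
```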