[jboss-dev-forums] [Design of JBoss Remoting, Unified Invokers] - Re: Remoting 3 Security

anil.saldhana@jboss.com do-not-reply at jboss.com
Thu Jul 5 13:03:37 EDT 2007


1) SSL/TLS should be available on the transport as a choice and not default.
2) I am interested in encryption provided as an option when the ssl setup is not acceptable and/or user just needs to avoid man-in-the-middle attacks. An issue with encryption is symmetric key management. This is where SRP is interesting. One end does userid/pwd. The server does prime numbers. They interact and agree on a session key.
3) SRP can be done as a JCA provider for GSS. As far as I know, SASL does challenge/response. So SRP should fit in pretty easily. There is code already written by Scott (probably in the varia module) that can be adapted.
4) An interesting thing that I have noted (but not delved into deeply) is when the client seeks a stub/proxy from the server, the server can send in SASL chunks to the client to avoid 1 round trip. This is the PUSH on the initial proxy seek.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4060925#4060925
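The SRP agreement sketched in point 2 (the client holds a userid/password, the server holds only a salt and a verifier derived from the group's prime, and both sides end up with the same session key without the password or the key crossing the wire), as an added example in Python; this is not code from the post or from JBoss Remoting. The group (assumed to be the 1024-bit safe prime of RFC 2409 Oakley group 2), SHA-256 as the hash, and the function names are my assumptions.

```python
import hashlib
import secrets

# Group parameters: the 1024-bit safe prime of RFC 2409 (Oakley group 2), g = 2.
# Assumed transcribed correctly; verify against the RFC before real use.
N = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
g = 2
NLEN = (N.bit_length() + 7) // 8

def H(*parts: bytes) -> int:
    """SHA-256 over the concatenated parts, read as a big-endian integer."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")

def pad(n: int) -> bytes:
    return n.to_bytes(NLEN, "big")

k = H(pad(N), pad(g))  # SRP-6a multiplier, fixed by the group

def private_x(salt: bytes, user: str, password: str) -> int:
    # x = H(salt | H(user ":" password)); only the client ever computes this
    return H(salt, hashlib.sha256(f"{user}:{password}".encode()).digest())

def enroll(user: str, password: str):
    """Server-side enrollment: keep (salt, verifier v = g^x), never the password."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, private_x(salt, user, password), N)

def srp_login(user: str, typed_password: str, salt: bytes, v: int):
    """One SRP-6a run. Returns (client_key, server_key) when the server accepts
    the client's proof, else None. Neither the password nor the key is sent."""
    a = secrets.randbelow(N - 2) + 1            # client ephemeral secret
    A = pow(g, a, N)                            # client -> server
    b = secrets.randbelow(N - 2) + 1            # server ephemeral secret
    B = (k * v + pow(g, b, N)) % N              # server -> client (with salt)
    if A == 0 or B == 0:
        raise ValueError("invalid ephemeral value; abort the handshake")
    u = H(pad(A), pad(B))                       # scrambling parameter
    if u == 0:
        raise ValueError("u == 0; abort the handshake")
    # Client side: x from the typed password, S = (B - k*g^x)^(a + u*x)
    x = private_x(salt, user, typed_password)
    S_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    K_client = H(pad(S_client))
    M1 = H(pad(A), pad(B), pad(K_client))       # client's proof, sent to server
    # Server side: S = (A * v^u)^b, using only the stored verifier
    S_server = pow(A * pow(v, u, N) % N, b, N)
    K_server = H(pad(S_server))
    if M1 != H(pad(A), pad(B), pad(K_server)):  # wrong password -> mismatch
        return None
    return K_client, K_server
```

A mistyped password changes x on the client only, so the server's proof check fails and no session key is issued; the server's stored verifier cannot be used to log in as the user.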



