1) SSL/TLS should be available on the transport as a choice and not default.
2) I am interested in encryption provided as an option when the SSL setup is not
acceptable and/or the user just needs to avoid man-in-the-middle attacks. An issue with
encryption is symmetric key management. This is where SRP is interesting. One end does
userid/pwd. The server does prime numbers. They interact and agree on a session key.
3) SRP can be done as a JCA provider for GSS. As far as I know, SASL does
challenge/response. So SRP should fit in pretty easily. There is code already written by
Scott (probably in the varia module) that can be adapted.
4) An interesting thing that I have noted (but not delved into deeply) is when the client
seeks a stub/proxy from the server, the server can send in SASL chunks to the client to
avoid 1 round trip. This is the PUSH on the initial proxy seek.
View the original post:
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4060925#...
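
The SRP exchange mentioned in point 2, as an added example that is not part of the original post or of the JBoss code: a Python sketch of SRP-6a arithmetic in which the server holds only a salt and verifier and both ends derive the same session key. The group (2**521 - 1, g = 3), the SHA-256 hash and all function names are assumptions made for the demonstration.

```python
import hashlib
import secrets

# Assumption: demo group N = 2**521 - 1 (a Mersenne prime), g = 3, chosen so the
# constant is easy to verify. Real deployments use the RFC 5054 safe-prime groups.
N = 2**521 - 1
g = 3
NLEN = (N.bit_length() + 7) // 8

def H(*parts):
    """SHA-256 over byte strings and fixed-width integers, returned as an int."""
    h = hashlib.sha256()
    for p in parts:
        h.update(p.to_bytes(NLEN, "big") if isinstance(p, int) else p)
    return int.from_bytes(h.digest(), "big")

k = H(N, g)  # SRP-6a multiplier

def private_x(salt, user, password):
    """Password-derived exponent x = H(salt | H(user:password))."""
    return H(salt, hashlib.sha256(f"{user}:{password}".encode()).digest())

def register(user, password):
    """Enrollment: the server stores (salt, verifier), never the password."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, private_x(salt, user, password), N)

def check_public(value):
    """Both peers must reject a public value that is 0 mod N."""
    if value % N == 0:
        raise ValueError("invalid SRP public value")
    return value

def srp_login(user, typed_password, salt, verifier):
    """Simulate one exchange; return (client_key, server_key) as 32-byte keys."""
    a = secrets.randbelow(N - 2) + 1                      # client secret
    A = check_public(pow(g, a, N))                        # client -> server
    b = secrets.randbelow(N - 2) + 1                      # server secret
    B = check_public((k * verifier + pow(g, b, N)) % N)   # server -> client
    u = H(A, B)                                           # scrambling value
    x = private_x(salt, user, typed_password)
    s_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    s_server = pow(A * pow(verifier, u, N) % N, b, N)
    return tuple(H(s).to_bytes(32, "big") for s in (s_client, s_server))
```

With the correct password the two keys match; with a wrong one they differ, which the peers detect when they exchange key-confirmation messages (not shown here).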