This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.



Re: Network Security for the Systemtap Client/Server


Frank Ch. Eigler wrote:
# Once the server has been authenticated, the client and server use
# techniques of symmetric-key encryption, which is very fast, to
# encrypt all the information they exchange for the remainder of the
# session and to detect any tampering that may have occurred.

I didn't see the assertion of tamper protection here when I read it the first time. It would seem to me that any kind of encryption alone cannot provide protection against tampering. However, perhaps the assertion is that only the encryption is weakened at this point and that other techniques, such as signing all or part of the data, continue to be employed.

So are you preferring the option above over option 2 (staprun re-verifies the entire response)?

No, I'm suggesting that stap-client need not verify the response at
all, assuming that wire-level security was in place.

Assuming that what you quoted above is correct, then I now agree.

Dave


