This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Network Security for the Systemtap Client/Server


Hi -

On Fri, Nov 07, 2008 at 11:37:03AM -0500, Dave Brolley wrote:
> ># Once the server has been authenticated, the client and server use
> ># techniques of symmetric-key encryption, which is very fast, to
> ># encrypt all the information they exchange for the remainder of the
> ># session and to detect any tampering that may have occurred.
>
> I didn't see the assertion of tamper protection here when I read it the 
> first time. It would seem to me that any kind encryption alone can not 
> provide protection against tampering. However, perhaps the assertion is 
> that only the encryption is weakened at this point and that other 
> techniques, such as signing all or part of the data, continue to be 
> employed.

In SSL and similar wire-level security protocols, simple encryption is
only one part of the work.  There are checksums, authentication codes,
and other gunk being passed back and forth, so that the channel can be
deemed "secure" - meaning more than just "confidential" but also
"tamper-proof" and some other properties.

- FChE


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]