
Re: some requirements



Andreas Jellinghaus <aj@dungeon.inka.de> wrote:
>    nfs is insecure, and without IPsec or some other way to secure it:
>    where is a network filesystem for linux ? (ok, maybe nfs v4 will
>    help, but who can wait that long ?)

coda?


>    is dns ready to serve keys for IPsec ? IIRC there was some way to
>    store the public keys in dns.

correct, and this is the much better approach. bind 8 can do it. you can,
of course, also have a spec that says "on my subnets, the public key to
every machine is stored in the TXT entry to every host" or something like
that.


>  - improved ssl ? 
>    nearly no server allows authentication via ssl certificate.
>    also nearly no server allows the server key be encrypted with
>    a password, and the certificate in an extra file. apache is fine,
>    but stunnel/sslwrap/... ?

wasn't s/key made for this? I'm desperately behind on reading up on s/key,
but that's what I thought it was for.


>  - ssl management ? openssl tools are not very easy to use.

write the code and most distros will be happy to include it.


-- 
"The net treats censorship as a malfunction and re-routes around it."
(John Gilmore)
-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/