[Help-gnutls] gnutls with unix domain (local) sockets

Florian Weimer fweimer at bfk.de
Thu Oct 2 10:35:09 CEST 2008


* Lennart Koopmann:

> On Monday, 29.09.2008, at 16:44 +0300, Arturo Martinez Rubio wrote:
>> In my specific case, the applications which will communicate using TLS
>> are running on the same machine.
>
> Isn't TLS pretty useless if used for interprocess communication? Or does
> some kind of server that is running on the local machine require TLS?

Some applications use UNIX domain sockets in /tmp, where the identity
of the peer is less than clear.  It's been suggested to use TLS in
this scenario.

(Personally, I think using a separate directory, writable by the
appropriate user, is a better choice, perhaps combined with
credentials passing.)

-- 
Florian Weimer                <fweimer at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99




