[Help-gnutls] Re: Announcement: Yet another GnuTLS-using program: Mandos

Teddy Hogeborn teddy at fukt.bsnet.se
Thu Oct 9 09:42:06 CEST 2008

Simon Josefsson <simon at josefsson.org> writes:

> Teddy Hogeborn <teddy at fukt.bsnet.se> writes:
>>> This might introduce network timeouts, but if the Mandos client is
>>> robust about that there shouldn't be a problem.
>> I'm not sure what you mean.  Should not a TLS connection over TCP
>> be alive indefinitely even if no data is sent over it?
> NAT firewalls tend to drop TCP sessions without any traffic over
> them after some time.  Possibly the client could retry after some
> interval.  Maybe your protocol could contain a ping-function.  This
> would add some complexity, so for simplicity might be better to
> avoid.

If this really would be a problem for somebody, should not this simply
be solved by setting SO_KEEPALIVE?  Now, the system as it is today is
restricted to the local network (no network configured in the initrd,
so we use IPv6 link-local addresses), so this should never happen.

>> The point is, any one of those things only gives half of the key;
>> an attacker would need both physical control of a Mandos client
>> *and* root on the Mandos server to successfully decrypt the
>> clients' disks.
> Right.  The blob sent from the Mandos server is only possible to
> decrypt by the particular Mandos client, right?

Yes, exactly.

>> Oh well, that can wait until version 2.  :-)
> Or left as an exercise for the reader. :)

Yes, we created the plugin system partly for this. :)

/Teddy Hogeborn & Björn Påhlsson, the Mandos Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
URL: </pipermail/attachments/20081009/c369b172/attachment.pgp>

More information about the Gnutls-help mailing list