[Help-gnutls] Re: Announcement: Yet another GnuTLS-using program: Mandos
Teddy Hogeborn
teddy at fukt.bsnet.se
Thu Oct 9 09:42:06 CEST 2008
Simon Josefsson <simon at josefsson.org> writes:
> Teddy Hogeborn <teddy at fukt.bsnet.se> writes:
>
>>> This might introduce network timeouts, but if the Mandos client is
>>> robust about that there shouldn't be a problem.
>>
>> I'm not sure what you mean. Should not a TLS connection over TCP
>> be alive indefinitely even if no data is sent over it?
>
> NAT firewalls tend to drop TCP sessions without any traffic over
> them after some time. Possibly the client could retry after some
> interval. Maybe your protocol could contain a ping-function. This
> would add some complexity, so for simplicity it might be better to
> avoid.
If this really would be a problem for somebody, should not this simply
be solved by setting SO_KEEPALIVE? Now, the system as it is today is
restricted to the local network (no network configured in the initrd,
so we use IPv6 link-local addresses), so this should never happen.
>> The point is, any one of those things only gives half of the key;
>> an attacker would need both physical control of a Mandos client
>> *and* root on the Mandos server to successfully decrypt the
>> clients' disks.
>
> Right. The blob sent from the Mandos server is only possible to
> decrypt by the particular Mandos client, right?
Yes, exactly.
>> Oh well, that can wait until version 2. :-)
>
> Or left as an exercise for the reader. :)
Yes, we created the plugin system partly for this. :)
/Teddy Hogeborn & Björn Påhlsson, the Mandos Team
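As an added illustration of the SO_KEEPALIVE suggestion above (this is not code from the Mandos project or from either poster), the following Python snippet turns on TCP keepalive for a stream socket before it is handed to the TLS layer, tunes the probe timing where the platform exposes it, and reads the settings back so they can be checked. The option names TCP_KEEPIDLE, TCP_KEEPINTVL and TCP_KEEPCNT are Linux-specific and are only set when the running Python exposes them; the timing values are assumed defaults chosen for this example, not values from the thread.

```python
import socket


def enable_tcp_keepalive(sock, idle_seconds=60, interval_seconds=10, probe_count=5):
    """Enable TCP keepalive on an existing stream socket.

    SO_KEEPALIVE is portable. The three TCP_KEEP* knobs are Linux-specific
    and are skipped where Python does not expose them; without them the
    kernel default (idle time of two hours on Linux) applies, which is
    usually longer than a NAT mapping lifetime, so tuning matters.
    The timing values are example defaults, not Mandos settings.
    """
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    if hasattr(socket, "TCP_KEEPIDLE"):
        # seconds of idleness before the first probe is sent
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, idle_seconds)
    if hasattr(socket, "TCP_KEEPINTVL"):
        # seconds between unanswered probes
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, interval_seconds)
    if hasattr(socket, "TCP_KEEPCNT"):
        # unanswered probes before the connection is declared dead
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, probe_count)
    return sock


def keepalive_settings(sock):
    """Read the effective keepalive settings back from the kernel.

    Returns a dict such as {"SO_KEEPALIVE": True, "TCP_KEEPIDLE": 60, ...};
    the TCP_KEEP* keys are present only on platforms that expose them.
    """
    settings = {
        "SO_KEEPALIVE": bool(sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE))
    }
    for name in ("TCP_KEEPIDLE", "TCP_KEEPINTVL", "TCP_KEEPCNT"):
        if hasattr(socket, name):
            settings[name] = sock.getsockopt(socket.IPPROTO_TCP, getattr(socket, name))
    return settings


def make_keepalive_socket():
    """Create an unconnected TCP socket with keepalive enabled.

    IPv6 is preferred (the thread describes link-local IPv6 addressing);
    falls back to IPv4 on hosts without IPv6 support.
    """
    family = socket.AF_INET6 if socket.has_ipv6 else socket.AF_INET
    sock = socket.socket(family, socket.SOCK_STREAM)
    return enable_tcp_keepalive(sock)


if __name__ == "__main__":
    s = make_keepalive_socket()
    print(keepalive_settings(s))
    s.close()
```

Keepalive probes are empty TCP segments generated by the kernel, so they carry no TLS record and need no cooperation from the peer application; they refresh a NAT mapping and detect a dead peer at the transport level, but they do not tell you that the application on the other side is still healthy. An application-level ping inside the TLS session, as Simon suggests, is the only way to check that.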