[Swift-user] Question re: reliance on proxy cert
Mihael Hategan
hategan at mcs.anl.gov
Fri Jan 20 16:48:25 CST 2012
On Fri, 2012-01-20 at 22:52 +0100, Ben Clifford wrote:
> in the ssh case, you should have a secure standard in/standard out
> over which you can send securely and so do either something like a gsi
> delegation or a shared secret transmission or whatever.
Right. Though there's some care to be taken there. echo "secret" >
secretfile is something that can be seen in ps. Can you think of
anything that could go wrong with cat > secretfile?
>
> that doesn't apply to arbitrary cog providers though, I think.
Right. And in the shared secret case, there would have to be an
additional security mechanism (e.g. some key exchange + symmetric
encryption without host certificate checks).
>
> so maybe its yet another growth of the configuration option space...?
Right. That's another reason that gives me a bit of pause here. But too
much pause isn't good either.
More information about the Swift-user
mailing list