[Swift-user] Question re: reliance on proxy cert

Mihael Hategan hategan at mcs.anl.gov
Fri Jan 20 16:48:25 CST 2012


On Fri, 2012-01-20 at 22:52 +0100, Ben Clifford wrote:
> in the ssh case, you should have a secure standard in/standard out
> over which you can send securely and so do either something like a gsi
> delegation or a shared secret transmission or whatever.

Right. Though there's some care to be taken there. echo "secret" >
secretfile is something that can be seen in ps. Can you think of
anything that could go wrong with cat > secretfile?

> 
> that doesn't apply to arbitrary cog providers though, I think.

Right. And in the shared secret case, there would have to be an
additional security mechanism (e.g. some key exchange + symmetric
encryption without host certificate checks).

> 
> so maybe its yet another growth of the configuration option space...?

Right. That's another reason that gives me a bit of pause here. But too
much pause isn't good either.




More information about the Swift-user mailing list