[Swift-user] Question re: reliance on proxy cert

Ben Clifford benc at hawaga.org.uk
Sat Jan 21 03:56:10 CST 2012


On Jan 20, 2012, at 11:48 PM, Mihael Hategan wrote:

> On Fri, 2012-01-20 at 22:52 +0100, Ben Clifford wrote:
>> in the ssh case, you should have a secure standard in/standard out
>> over which you can send securely and so do either something like a gsi
>> delegation or a shared secret transmission or whatever.
> 
> Right. Though there's some care to be taken there. echo "secret" >
> secretfile is something that can be seen in ps. Can you think of
> anything that could go wrong with cat > secretfile?

secretfile exists on the remote filesystem in a way that is possibly publicly visible; touch secretfile ; chmod go-rwx secretfile ; cat >> secretfile might be better. Or you could feed it into the program that wants the secret directly and forget the filesystem entirely.

> Right. And in the shared secret case, there would have to be an
> additional security mechanism (e.g. some key exchange + symmetric
> encryption without host certificate checks).

You get a bunch of that from ssh already. There's probably more elaborate stuff that can be done - e.g. rather than having a shared secret at all, use the ssh channel to exchange two public keys, one from each end; or make sure that the wire protocol never sends the whole secret over the out-of-ssh channel, just some proof that it knows it.

Depends how crazy you want to go on security...

-- 
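The file-handling point from this message, as an added example that is not part of the original thread: the secret arrives only on stdin (the ssh channel), and the file is created private from its first byte instead of being tightened afterwards. The function names `store_secret`, `store_secret_naive` and `mode_of` are hypothetical, and the secret value in the usage comment is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). All function names are hypothetical.

# The plain form asked about in the thread: the file is created with
# whatever the current umask allows, typically readable by group/other.
store_secret_naive() {
    cat > "$1"
}

# Hardened form: the secret is read from stdin, so it never appears on a
# command line, and the file never exists with wider permissions.
store_secret() {
    (
        umask 077   # file is created 0600; no window where go can read it
        set -C      # noclobber: refuse to write into a file that already
                    # exists, since it may carry wider permissions
        cat > "$1"
    )
}

# Print the type and permission string of a file, e.g. "-rw-------".
# Uses ls instead of stat because stat's flags differ between systems.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Usage on the receiving end of an ssh session (constructed value):
#   printf 'constructed-secret' | store_secret ./secretfile
#   mode_of ./secretfile
```

`store_secret` returns non-zero and leaves the existing file untouched when the target already exists, so the caller can detect a stale or pre-created file and pick a fresh path.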



