Subj : RE: Secure binkp
To   : Oli
From : NuSkooler
Date : Wed Nov 27 2019 09:25 am


Oli around Wednesday, November 27th...
 Ol> For testing we can use self-signed certs.

If you don't want to muck around with CA's (I'd highly recommend you *do*; ACME
 / Let's Encrypt works very well -- but you *do* need domains and the like),
the "sign up" process simly becomes "Trust this particular cert", which isn't
really that bad.

On Wednesday, November 27th Oli said...
 Ol> What is still missing is some authentication of incoming connections if 
 Ol> no session password is configured. On the TLS level we could use client 
 Ol> certificates, but it would make everything more complicated and less 
 Ol> flexible.

I've used client authentication many times over the years, what are you
concerns over compliexity/less flexible here? As for passwords, they are now OK
 to send as they don't go over the wire unless the TLS handshake completes (or
maybe I'm misunderstanding what you're saying here)


-- 
>> NuSkooler
>> Xibalba BBS @ xibalba.l33t.codes / 44510(telnet) 44511(ssh)
>> ENiGMA 1/2 BBS WHQ | Phenom | 67 | iMPURE | ACiDic
--- ENiGMA 1/2 v0.0.11-beta (linux; x64; 12.13.1)
 * Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)

.