[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Help-gnutls] Re: Announcement: Yet another GnuTLS-using program: Mandos
From: |
Teddy Hogeborn |
Subject: |
[Help-gnutls] Re: Announcement: Yet another GnuTLS-using program: Mandos |
Date: |
Thu, 09 Oct 2008 09:42:06 +0200 |
User-agent: |
Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux) |
Simon Josefsson <address@hidden> writes:
> Teddy Hogeborn <address@hidden> writes:
>
>>> This might introduce network timeouts, but if the Mandos client is
>>> robust about that there shouldn't be a problem.
>>
>> I'm not sure what you mean. Should not a TLS connection over TCP
>> be alive indefinitely even if no data is sent over it?
>
> NAT firewalls tend to drop TCP sessions without any traffic over
> them after some time. Possibly the client could retry after some
> interval. Maybe your protocol could contain a ping-function. This
> would add some complexity, so for simplicity might be better to
> avoid.
If this really would be a problem for somebody, should not this simply
be solved by setting SO_KEEPALIVE? Now, the system as it is today is
restricted to the local network (no network configured in the initrd,
so we use IPv6 link-local addresses), so this should never happen.
>> The point is, any one of those things only gives half of the key;
>> an attacker would need both physical control of a Mandos client
>> *and* root on the Mandos server to successfully decrypt the
>> clients' disks.
>
> Right. The blob sent from the Mandos server is only possible to
> decrypt by the particular Mandos client, right?
Yes, exactly.
>> Oh well, that can wait until version 2. :-)
>
> Or left as an exercise for the reader. :)
Yes, we created the plugin system partly for this. :)
/Teddy Hogeborn & Björn Påhlsson, the Mandos Team
pgplJrlXgT8HQ.pgp
Description: PGP signature