[ZODB-Dev] ZEO and Security
Jeremy Hylton
jeremy@digicool.com
Mon, 7 May 2001 23:13:15 -0400 (EDT)

>>>>> "MP" == Michel Pelletier <michel@digicool.com> writes:
MP> Tackling the authentication problem seems pretty easy, as you
MP> point out.
MP> This may show off my lack of security experience, but I think
MP> that something simple like this could be cooked up with
MP> amkCrypto:

You said it, not me <wink>. We should *not* be in the business of
dreaming up new protocols. Good cryptographic protocol design is far
hard.(*) We should use an existing protocol like TLS. The one you
just sketched is vulnerable to a man-in-the-middle attack.

Jeremy

* Abadi and Needham. Prudent Engineering Practices for Cryptographic
Protocols. http://citeseer.nj.nec.com/abadi96prudent.html