[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Fwd: Re: [Vrs-development] More info
|
From: |
Chris Smith |
|
Subject: |
Re: Fwd: Re: [Vrs-development] More info |
|
Date: |
Fri, 15 Mar 2002 12:54:02 +0000 |
On Thursday 14 March 2002 23:29, you wrote:
>
> I wasn't thinking abt this project alone. I was
> thinking of a cluster in US with a LDS from another
> country joining this node. Will not the export policy
> of US prevent the LDS from providing maybe a 128 bit
> encryption? If we decide to use SSL, then we might
> have to provide a 40 bit encryption for LDS outside US
> soil.
Using SSL we'd have the same situation as Web Servers
based in the US being accessed from outside.
The SSL CLient and Server negotiate a common encryption
algorithm/resolution during the SSL handshake. In fact
you can negotiate at say 40bit. Do some application
specific authentication etc and then UPGRADE the connection
to 128 bit if the connection is not crossing a US
boundary.
> We could try this on the All hands meet.
>
> I have an idea. It is quite difficult to determine
> when an attack can take place. Don't u think it will
> be better if we have a default intrusion detection
> system in place such as netsaint (www.netsaint.org),
> opennms (www.opennms.org), snort
> (www.sourcefire.com/snort)
Just to raise the point: I've got some work to do
in Goldwater to protect messages passing through the
architecture......
--
Chris Smith
Technical Architect - netFluid Technology Limited.
"Internet Technologies, Distributed Systems and Tuxedo Consultancy"
E: address@hidden W: http://www.nfluid.co.uk
- Re: [Vrs-development] More info, (continued)
Re: Fwd: Re: [Vrs-development] More info, Bill Lance, 2002/03/15