[icecast] a new directory service
primus at veris.org
Mon Sep 17 22:03:15 UTC 2001
-----BEGIN PGP SIGNED MESSAGE-----
On Mon, Sep 17, 2001 at 01:59:03PM -0700, rillian wrote:
> Unfortunately, anything more secure requires a shared secret, and thus
> and ssl-connection over which to send it.
Not necessarily. There's always public-private key encryption, which
wouldn't be too hard to implement. Of course, now we run into the trust
problem of receiving a server key over the Internet and all, but that's
just being pedantic and not appropriate for this discussion.
> For example, running the
> contents of the update through the hash in addition to the password
> would let the server verify each update directly and block replay
> attacks. Of course, this assumes the connection in between is more
> vulnerable than the server and/or the client's machine, so perhaps in
> practice it's so much better. Still, I think it's worth trying to do
> this right.
I'd love to see the backend connection to the directory server being
run through an SSL tunnel. Not being a programmer, though, I don't know of
the scope of effort it would take to implement that. Something for Jack to
The real question comes down to this: What is the value of the data we're
trying to protect? Conceivably, someone could hijack the connection and
send false data back to the directory server. Maybe just mess with your
listing, maybe a form of DoS. Perhaps you might be able to inject
something that would mess with the directory server itself. I think,
though, that if that were the case, you'd be able to break things even if
it was running over SSL. Sure, I'd rather have everything encrypted.
Whether or not that's feasible, though...
"Nothing's the same anymore."
- Cmdr. Jeffrey Sinclair, Babylon-5, "Chrysalis"
-----BEGIN PGP SIGNATURE-----
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----
--- >8 ----
List archives: http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to 'icecast-request at xiph.org'
containing only the word 'unsubscribe' in the body. No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.
More information about the Icecast