Re: [Nbd] Easier use, authentication
- To: Folkert van Heusden <folkert.van.heusden@...17...>
- Cc: nbd-general@lists.sourceforge.net, Wouter Verhelst <w@...112...>
- Subject: Re: [Nbd] Easier use, authentication
- From: Christian Jaeger <chrjae@...17...>
- Date: Mon, 26 Sep 2011 03:35:04 -0400
- Message-id: <CAEjYwfVSYADD9kH9tM3KkHwUa8zZ_qnjOrFVy4Ddi0LPVJMB_A@...18...>
- In-reply-to: <CAFDOyVCFjV+-0YkKz7D_6efo9GinxQg2N_PZgTzCw6cf-Sx2GA@...18...>
- References: <CAEjYwfXAjOwZ-=igJ6Ojyti43STga3uRwNTfjmzG4Eu8h2xmVg@...18...> <20110925222423.GB22107@...3...> <CAFDOyVCFjV+-0YkKz7D_6efo9GinxQg2N_PZgTzCw6cf-Sx2GA@...18...>
2011/9/26 Folkert van Heusden <folkert.van.heusden@...17...>:
> Imho authentication only makes sense with encryption as well.
> And also: nbd should be in a seperate vlan where it doesn't interfere
> (due to heavy bandwidth usage) with other protocols and vice versa.
There are several reasons for cryptography as commonly implemented:
safety against modification (checksums), proof of identity
(signatures), authentication (password transfer over encrypted
channel, if not done through signature), and the actual encryption.
If there exists an alternative secure channel to share secrets between
the server and client, no public key cryptography is needed; if the
secrets are not sent over but only used as input for hashes through a
challenge-response scheme (and the actual data payload is already
encrypted), then there needs to be no encryption to hide the secrets.
What remains is safety against modification, which means the payload
has to be hashed.
See my other mail for some less convoluted wording.
Christian.
Reply to: