(Illustration by Gaich Muramatsu)
thoth_at_purplefrog.com writes: > > > 1) Security -- how can we secure the portmapper? Clearly security is an > > > issue -- we need to know that the returned port information is correct. > > > However, the portmapper might be mapping the authentication service; > > > similarly, the portmapper might be a more general function for many > > > possible daemons, in which case how does it authenticate? > > NTP uses shared secrets. SSL uses certificate authorities. Maintaining a > single CA certificate to verify server certificates is a little easier than > copying all the keys around. You guys might be interested in trying out some of the SPKI stuff. (I mention this partially because I'm co-chair of the IETF working group.) There is now publicly redistributable code implementing the whole thing, and in my opinion, the model is much better than that in X.509 (and much, much, much simpler). PerryReceived on 1998-03-31 10:02:18