[hobbit] Feature request: SSL/TLS client/server negotiation

[Daniel J McDonald]

On Fri, 2006-10-13 at 08:31 +0200, Henrik Stoerner wrote:
> On Thu, Oct 12, 2006 at 04:00:41PM -0400, Schwimmer, Eric E *HS wrote:
> > 

> > 2.  The possibility that someone might compromise one machine running a
> > hobbit client and use that machine to send false reports or DOS the
> > hobbit server.
> 
> Someone with access to a machine with the Hobbit client could still run
> the "bb" program and send in a status report.  Unless you protect the 
> client-side certificate with a passphrase that is kept only in memory 
> - i.e. you'll have to enter it on the console whenever the machine is 
> rebooted or the Hobbit client is restarted - then an attacker will have 
> access to the client certificate, and therefore he can send forged data 
> to the Hobbit server.
> 
> The client certificate does provide authentication, though - so you know
> what server the (forged) data originates from. And rogue clients - i.e.
> anyone with a network connection to your Hobbit server - are kept out.

But you could use the client certificates to limit who can send updates
for a particular host.  Thus bar.example.com could not send a status
message for foo.example.com. That would go a long way to solving Eric's
problem.  

You would still need some sort of method for trusted proxies - for
example, I run bb-mrtg which provides updates for 600 "hosts" that can't
report on their own.


--
Daniel J McDonald, CCIE #2495
Linux mcdonalddj-dc.austin-energy.net 2.6.17-5mdv #1 SMP Wed Sep 13
14:32:31 EDT 2006 i686 Intel(R) Pentium(R) 4 CPU 3.40GHz GNU/Linux