Re: [Nagios-devel] Core 4 Remote Workers
Posted: Tue Feb 05, 2013 7:50 pm
* Daniel Wittenberg [2013-02-05 17:04]:
> I like the idea of libssh2. SSH is simpler both in concept and
> implementation than a PKI.
FWIW, another option would be TLS-PSK as per RFC 4279 (supported by
various TLS libraries, including OpenSSL and GnuTLS).
> In either case, we should definitely have a cleartext option too, for
> debugging if nothing else.
RFC 4785 specifies TLS-PSK without encryption, but I'm not aware of an
implementation that supports this (though there's a trivial patch
against OpenSSL floating around).
Either way, I'd agree that pre-shared keys are more appropriate than a
PKI for this use case.
Holger
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]
> I like the idea of libssh2. SSH is simpler both in concept and
> implementation than a PKI.
FWIW, another option would be TLS-PSK as per RFC 4279 (supported by
various TLS libraries, including OpenSSL and GnuTLS).
> In either case, we should definitely have a cleartext option too, for
> debugging if nothing else.
RFC 4785 specifies TLS-PSK without encryption, but I'm not aware of an
implementation that supports this (though there's a trivial patch
against OpenSSL floating around).
Either way, I'd agree that pre-shared keys are more appropriate than a
PKI for this use case.
Holger
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]