Return-Path: 
 <qpid-users-return-344-apmail-incubator-qpid-users-archive=incubator.apache.org@incubator.apache.org>
Delivered-To: apmail-incubator-qpid-users-archive@locus.apache.org
Received: (qmail 31982 invoked from network); 17 Oct 2008 15:01:35 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 17 Oct 2008 15:01:35 -0000
Received: (qmail 93657 invoked by uid 500); 17 Oct 2008 15:01:36 -0000
Delivered-To: apmail-incubator-qpid-users-archive@incubator.apache.org
Received: (qmail 93565 invoked by uid 500); 17 Oct 2008 15:01:36 -0000
Mailing-List: contact qpid-users-help@incubator.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:qpid-users-help@incubator.apache.org>
List-Unsubscribe: <mailto:qpid-users-unsubscribe@incubator.apache.org>
List-Post: <mailto:qpid-users@incubator.apache.org>
List-Id: <qpid-users.incubator.apache.org>
Reply-To: qpid-users@incubator.apache.org
Delivered-To: mailing list qpid-users@incubator.apache.org
Received: (qmail 93409 invoked by uid 99); 17 Oct 2008 15:01:36 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 17 Oct 2008 08:01:36 -0700
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_HELO_PASS,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of tross@redhat.com designates
 66.187.237.31 as permitted sender)
Received: from [66.187.237.31] (HELO mx2.redhat.com) (66.187.237.31)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 17 Oct 2008 15:00:29 +0000
Received: from int-mx2.corp.redhat.com (int-mx2.corp.redhat.com
 [172.16.27.26])
	by mx2.redhat.com (8.13.8/8.13.8) with ESMTP id m9HEx52c010910;
	Fri, 17 Oct 2008 10:59:05 -0400
Received: from ns3.rdu.redhat.com (ns3.rdu.redhat.com [10.11.255.199])
	by int-mx2.corp.redhat.com (8.13.1/8.13.1) with ESMTP id m9HEx5mx008959;
	Fri, 17 Oct 2008 10:59:05 -0400
Received: from dhcp-100-18-254.bos.redhat.com (dhcp-100-18-254.bos.redhat.com
 [10.16.18.254])
	by ns3.rdu.redhat.com (8.13.8/8.13.8) with ESMTP id m9HEx31H008290;
	Fri, 17 Oct 2008 10:59:04 -0400
Message-ID: <48F8A844.5010702@redhat.com>
Date: Fri, 17 Oct 2008 10:59:16 -0400
From: Ted Ross <tross@redhat.com>
User-Agent: Thunderbird 2.0.0.16 (X11/20080723)
MIME-Version: 1.0
To: qpid-dev@incubator.apache.org, qpid-users@incubator.apache.org
Subject: Re: require encrypted connections?
References: <48F8A310.4020807@redhat.com>
In-Reply-To: <48F8A310.4020807@redhat.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.58 on 172.16.27.26
X-Virus-Checked: Checked by ClamAV on apache.org

Gordon Sim wrote:
> Question: would it be desirable to be able to configure a broker to 
> only accept e.g. SSL connections, not unencrypted TCP connections?
I believe this is desirable (required actually).

We might also want to consider making the transport an input to the ACL 
process.  An admin could, for example, allow open access but only allow 
SSL-connected clients to bind to certain exchanges or subscribe to 
certain queues.

-Ted