qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Stitcher <astitc...@redhat.com>
Subject Re: Proposed SASL changes (API and functional)
Date Wed, 25 Feb 2015 18:28:29 GMT
On Wed, 2015-02-25 at 10:46 -0500, Alan Conway wrote:
> ...
> One ignorant question: Qpid has a min/max "Security Strength Factor" for
> encryption rather than a binary enable/disable. Is that relevant here?

(Hardly an ignorant question!) You make a very good point, and this
design may indeed be a little simplistic - largely because I've not
implemented the encryption side yet!

1. I doubt that max ssf is all that useful in practice.
2. Effectively pn_transport_require_encryption() is the same as setting
min ssf >1, but is simpler to understand! An alternative might be
pn_transport_require_ssf(int) however that isn't as clear and it's not
obvious how to choose the ssf value. Perhaps the '1' should be
configurable differently.

Some input from those who did the similar work in qpidd might be useful.

Just some random wittering.


To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org

View raw message