Subject: Re: Proposed SASL changes (API and functional)
From: Andrew Stitcher
To: proton@qpid.apache.org
Cc: users@qpid.apache.org
Date: Wed, 25 Feb 2015 13:28:29 -0500

On Wed, 2015-02-25 at 10:46 -0500, Alan Conway wrote:
> ...
> One ignorant question: Qpid has a min/max "Security Strength Factor" for
> encryption rather than a binary enable/disable. Is that relevant here?

(Hardly an ignorant question!)

You make a very good point, and this design may indeed be a little
simplistic - largely because I've not implemented the encryption side
yet!

1. I doubt that max ssf is all that useful in practice.
2. Effectively pn_transport_require_encryption() is the same as setting
   min ssf >1, but is simpler to understand!

An alternative might be pn_transport_require_ssf(int) however that isn't
as clear and it's not obvious how to choose the ssf value. Perhaps the
'1' should be configurable differently.

Some input from those who did the similar work in qpidd might be useful.

Just some random wittering.

Andrew