river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michal Kleczek <michal.klec...@xpro.biz>
Subject Re: Towards Internet Jini Services (trust)
Date Mon, 04 Oct 2010 12:25:19 GMT
On Monday 04 of October 2010 14:09:06 Sim IJskes - QCG wrote:
> On 10/04/2010 01:54 PM, Michal Kleczek wrote:
> >> This is why TLS is so important. With TLS you have authentication and
> >> encryption in one solution. You can configure the level of encryption
> >> and the mechnisms for authentication differently for each application.
> >> 
> >> It provides you with an end-to-end solution, so you can use any insecure
> >> path you like.
> > 
> > So you meant TLS between the client and the service in your previous
> > post? But how can the client communicate with the service before
> > unmarshalling the service proxy?
> 
> Before i can start unmarshalling, i need to load the class from the
> classloader. This classloader connects to the code providing server. The
> classloader and server handshake, and exchange certificates. If anything
> is fishy, the connection is severed, and whe only have lost the few
> bytes from the handshake.

Sure - I understand that.
My point is actually that it requires trust relationship with the code server. 
In other words - for me to securely communicate with you we both have to trust 
a single third party (the code server). I don't want that - I just trust you 
but neither you nor I have the necessary infrastructure to have a trusted code 
server - can we still securely communicate using GMail as our code server?.

Michal

Mime
View raw message