river-dev mailing list archives

From Michal Kleczek <michal.klec...@xpro.biz>
Subject Re: Towards Internet Jini Services (trust)
Date Mon, 04 Oct 2010 13:28:33 GMT
On Monday 04 of October 2010 14:57:48 Sim IJskes - QCG wrote:
> On 10/04/2010 02:38 PM, Tom Hobbs wrote:
> > Isn't that the basic underpinning of secure web traffic?
> > 
> > Maybe I'm being overly simplistic, but if I browse to www.mybank.com a
> > security handshake happens and then anything that server sends me, be it
> > images, JavaScript, data etc., I implicitly trust.  If I log into
> > gmail.com or amazon.com or whatever, additional handshakes with those
> > (code)servers happen again.
> > 
> > If I get a service proxy from apache.org, then I can implicitly trust it.
> > 
> > If I download a service proxy from dodgyproxies.com, a site I've never
> > heard of before, then I shouldn't be surprised if it trashed my machine.
> 
> Exactly. And if you want to download anything from another place than
> the original source, you have to trust the 'codeproxy' and add it to
> your trustlist (for downloading). You still have to verify the code
> against the trustlist for its certificate+codehash. It waters down the
> guarantees a bit, but only for the part of the spent bytes from your
> dataroaming plan. And maybe it would be wise to put that rogue codeproxy
> on your 'i will never trust them again' list.

Of course - you can always say - just use trusted intermediaries.
But IMHO it is a step back from where Jini _already_ is.

The service can upload its code to any code server available (it does not 
have to be trusted). It can upload its proxy to any untrusted 
ServiceRegistrar or JavaSpace available.
Yet still - the client can make sure it is talking to the right service via 
the right proxy.
The only hole is that a DoS attack during proxy deserialization can be issued 
by a malicious service registrar. The question is - can this problem be 
solved?

If you connect to https://www.mybank.com - you actually use several third 
parties to communicate with your bank - you don't trust them but you're sure 
communication is secure.
Why would a code server or a ServiceRegistrar have to be trusted while the 
routers between you and the bank don't have to?

When you download log4j.jar from doggyjars.com - is it possible to make sure 
it is really log4j.jar? Of course it is - you just check if checksum matches 
with the one you know is from a trusted source.
So if it is possible - why do we have to restrict ourselves to trusted 
websites for downloading code? Or trusted ServiceRegistrars for downloading 
proxies?

Michal
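As an added illustration of the checksum argument in the message above (example code written for this page, not from the thread or from River itself): the artifact may be fetched from any untrusted code server or mirror, and only a digest obtained from a trusted source decides whether it is accepted. The sample bytes and the digest are constructed here; in practice the trusted digest is published out of band by the project.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/** Accepts code from any server, trusted or not, only if it matches a digest from a trusted source. */
public final class VerifiedCodeFetch {

    /** Streams the artifact and returns its SHA-256 digest; the server is hashed, never believed. */
    static byte[] sha256(InputStream in) throws IOException, NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[] buf = new byte[8192];
        for (int n = in.read(buf); n != -1; n = in.read(buf)) {
            md.update(buf, 0, n);
        }
        return md.digest();
    }

    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    /** The untrusted download is accepted only if it matches the digest obtained out of band. */
    static boolean verify(byte[] untrustedArtifact, String trustedHexDigest)
            throws IOException, NoSuchAlgorithmException {
        byte[] actual = toHex(sha256(new ByteArrayInputStream(untrustedArtifact)))
                .getBytes(StandardCharsets.US_ASCII);
        byte[] expected = trustedHexDigest.toLowerCase().getBytes(StandardCharsets.US_ASCII);
        // Constant-time comparison: a mismatch is rejected without a timing side channel.
        return MessageDigest.isEqual(actual, expected);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample bytes standing in for log4j.jar as served by an untrusted mirror.
        byte[] genuine = "constructed jar contents".getBytes(StandardCharsets.UTF_8);
        byte[] tampered = "constructed jar contents, modified".getBytes(StandardCharsets.UTF_8);
        // Stands in for the digest the project's own (trusted) site publishes for the artifact.
        String trustedDigest = toHex(sha256(new ByteArrayInputStream(genuine)));
        System.out.println("genuine copy accepted:  " + verify(genuine, trustedDigest));
        System.out.println("tampered copy accepted: " + verify(tampered, trustedDigest));
    }
}
```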
