Subject: Re: cgd and remote keys
To: Curt Sampson <>
From: Greg Troxel <>
List: tech-security
Date: 12/31/2007 11:56:43
  [cgdconfig getting remote keys]

That seems reasonable.

I would lean towards plain UDP with a simple protocol, and protect it
with IPsec.  That should defeat even active network attackerers.  But
TCP seems fine too, and then you can skip the retransmision code.

  Is there an existing protocol we might use that would be as
  simple as a simple TCP connection? (HTTP comes to mind.)

HTTP seems ok, but given that I think you really want to confidentiality
and integrity/data-origin protection on the transaction, this would
influence your choice of transport.  HTTPS could work, but I find
setting up certificates to be awkward.  And plain HTTP over IPsec could
work, but HTTP proxying is prevalaent and thus it's harder to be sure
what's going on is wht you want.

You're really doing RPC.  Maybe use ORBit2 (I'm 99% kidding here).

  Would anybody object to me writing and committing this, along with
  committing a simple server to pkgsrc?

That sounds fine.  I'd be inclined to write the server portably and
release it, and then package it.  It always strikes me as odd to have
non-pkgsrc-infrastructure programs live in pkgsrc as their main home.