Fair point, but I think the original post implied it wanted to use HTTPS. I have nothing against SSL tunnels either, in fact, that's probably a better idea.

-C

Corey J. Steele, Security Analyst
Good Samaritan Society
e-mail: csteele@good-sam.com
voice: (605) 362-3899

>>> Brian Hatch <loganalysisat_private> 08/15/01 06:08PM >>>

> Why not https? Why not SSH tunnels?
> 1) SSH Tunnels are more simple to setup.
> 2) SSH is more widely available (i.e. more likely to exist on a wider range
> of systems)
> 3) SSH isn't bound to the antiquated standards of data
> transfer that are imposed by HTTPS. Yes, implementing a
> read/write packet-level protocol won't be as easy to
> implement, but it could prove to be faster and more
> portable.

Wait, are you saying that you'd rather have your machines able to log into each other to set up an SSH tunnel rather than writing a protocol that uses SSL?

SSL != HTTPS. Either the app could be SSL aware (best option) or you could set up an SSL tunnel with any of the various tools out there, such as

    server$ stunnel -r 127.0.0.1:STANDARD_PORT -d SSL_PORT

    client$ stunnel -d 127.0.0.1:STANDARD_PORT -r server:SSL_PORT -c

The client is configured to talk to 127.0.0.1 on the STANDARD_PORT, like it normally would. However this connection is silently tunneled via SSL to the STANDARD_PORT on the server. No HTTPS, mind you, just straight SSL.

Now none of this requires that either machine can SSH to the other. That, in my mind, is a big plus. And none of those stunnel commands need run as root unless you want STANDARD_PORT to be <1024.

--
Brian Hatch                  Lead me not into temptation
   Systems and               I can find the way myself.
   Security Engineer
www.hackinglinuxexposed.com

Every message PGP signed
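
The tunnel from the message above, written as stunnel configuration files instead of command-line flags. This is an added example, not part of the original thread. The service name, file paths and the use of stunnel 5.x option names are assumptions; STANDARD_PORT, SSL_PORT and "server" are the placeholders used in the message. The client section also verifies the server certificate, which the commands in the message do not configure.

```ini
; ---- server side: stunnel.conf ----
; "logtunnel" is a hypothetical service name.
[logtunnel]
; Certificate and private key presented to clients (assumed paths).
cert = /etc/stunnel/server-cert.pem
key = /etc/stunnel/server-key.pem
; Accept SSL/TLS on SSL_PORT and pass the decrypted stream
; to the ordinary service listening on the loopback interface.
accept = SSL_PORT
connect = 127.0.0.1:STANDARD_PORT

; ---- client side: stunnel.conf ----
[logtunnel]
; Client mode: accept plaintext locally, speak SSL/TLS outbound.
client = yes
; Listen on loopback only, so other hosts cannot reach the tunnel entrance.
accept = 127.0.0.1:STANDARD_PORT
connect = server:SSL_PORT
; Require a certificate chain that validates against a CA you trust
; and that names the expected host (assumed CA path).
CAfile = /etc/stunnel/ca.pem
verifyChain = yes
checkHost = server
```

Without the verification lines the tunnel still encrypts, but the client accepts whatever certificate the far end presents.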
This archive was generated by hypermail 2b30 : Thu Aug 16 2001 - 09:24:05 PDT