[Mono-dev] The best way to secure remoting?
Robert Jordan
robertj at gmx.net
Wed Dec 5 06:07:57 EST 2007
Hi Pablo,
pablosantosluac wrote:
> Ok Robert, thanks!
>
>
> Well, I guess I'd have to modify TcpServerChannel.cs and
> TcpClientChannel.cs (I mean, create new ones) to use secured sockets or
> introduce some sort of encryption there... is that ok? Well, in fact I guess
> the code at TcpServerChannel is the one actually using sockets, isn't it?
>
> About SSL, I've found the following C# SSL library:
> http://www.mentalis.org/soft/projects/seclib/. Is there a better option?
Mono.Security.Protocols.Tls.Ssl{Server|Client}Stream
Robert
>
> Thanks!
>
> pablo
>
> ----- Original Message -----
> From: "Robert Jordan" <robertj at gmx.net>
> To: <mono-devel-list at lists.ximian.com>
> Sent: Tuesday, December 04, 2007 4:01 PM
> Subject: Re: [Mono-dev] The best way to secure remoting?
>
>
>> pablosantosluac wrote:
>>> Thanks for your answer Robert.
>>>
>>> The problem is that I can't host my objects on XSP (plasticd is actually
>>> a
>>> service or a daemon, but not a hosted XSP) neither use SOAP
>>> (performance!)...
>> I see. You could make a copy of TcpChannel and change it to
>> encrypt the data. Since TcpChannel already has a connection
>> pool, it should be already well prepared for SSL.
>> Two days of work, I'd guess.
>>
>> Unfortunately, the remoting infrastructure is not flexible enough
>> to allow other solutions. One could be deluded to implement
>> encryption as a channel sink, but this is really suboptimal
>> because you don't have sessions at this layer.
>> W/out sessions, SSL (and any other symmetric encryption that needs
>> an asymmetric key exchange phase) will be extremely slow.
>>
>> Robert
>>
>>>
>>> pablo
>>>
>>>
>>> ----- Original Message -----
>>> From: "Robert Jordan" <robertj at gmx.net>
>>> To: <mono-devel-list at lists.ximian.com>
>>> Sent: Monday, December 03, 2007 10:35 PM
>>> Subject: Re: [Mono-dev] The best way to secure remoting?
>>>
>>>
>>>> pablosantosluac wrote:
>>>>> Hi there,
>>>>>
>>>>> AFAIK with .net 2.0 SSL is an standard channel, isn't it?
>>>> No, in MS.NET 2.0 it is based on NegotiateStream that uses
>>>> whichever authentication and encryption Windows SSPI dictates.
>>>> See MSDN.
>>>>
>>>>> But my question is: if I want to keep the mono-1.0 profile... what's
>>>>> the
>>>>> best way to secure remoting communication?
>>>> Host your remoting objects in XSP and use HttpChannel + SOAP formatter
>>>> over SSL.
>>>>
>>>> Robert
>>>>
>>>> _______________________________________________
>>>> Mono-devel-list mailing list
>>>> Mono-devel-list at lists.ximian.com
>>>> http://lists.ximian.com/mailman/listinfo/mono-devel-list
>> _______________________________________________
>> Mono-devel-list mailing list
>> Mono-devel-list at lists.ximian.com
>> http://lists.ximian.com/mailman/listinfo/mono-devel-list
More information about the Mono-devel-list
mailing list