[Mono-dev] The best way to secure remoting?

Robert Jordan robertj at gmx.net
Wed Dec 5 06:07:57 EST 2007


Hi Pablo,

pablosantosluac wrote:
> Ok Robert, thanks!
> 
> 
> Well, I guess I'd have to modify TcpServerChannel.cs and 
> TcpClientChannel.cs (I mean, create new ones) to use secured sockets or 
> introduce some sort of encryption there... is that ok? Well, in fact I guess 
> the code at TcpServerChannel is the one actually using sockets, isn't it?
> 
> About SSL, I've found the following C# SSL library: 
> http://www.mentalis.org/soft/projects/seclib/. Is there a better option?

Mono.Security.Protocols.Tls.Ssl{Server|Client}Stream

Robert


> 
> Thanks!
> 
> pablo
> 
> ----- Original Message ----- 
> From: "Robert Jordan" <robertj at gmx.net>
> To: <mono-devel-list at lists.ximian.com>
> Sent: Tuesday, December 04, 2007 4:01 PM
> Subject: Re: [Mono-dev] The best way to secure remoting?
> 
> 
>> pablosantosluac wrote:
>>> Thanks for your answer Robert.
>>>
>>> The problem is that I can't host my objects on XSP (plasticd is actually a
>>> service or a daemon, but not a hosted XSP) nor use SOAP
>>> (performance!)...
>> I see. You could make a copy of TcpChannel and change it to
>> encrypt the data. Since TcpChannel already has a connection
>> pool, it should be already well prepared for SSL.
>> Two days of work, I'd guess.
>>
>> Unfortunately, the remoting infrastructure is not flexible enough
>> to allow other solutions. One could be deluded to implement
>> encryption as a channel sink, but this is really suboptimal
>> because you don't have sessions at this layer.
>> W/out sessions, SSL (and any other symmetric encryption that needs
>> an asymmetric key exchange phase) will be extremely slow.
>>
>> Robert
>>
>>>
>>> pablo
>>>
>>>
>>> ----- Original Message ----- 
>>> From: "Robert Jordan" <robertj at gmx.net>
>>> To: <mono-devel-list at lists.ximian.com>
>>> Sent: Monday, December 03, 2007 10:35 PM
>>> Subject: Re: [Mono-dev] The best way to secure remoting?
>>>
>>>
>>>> pablosantosluac wrote:
>>>>> Hi there,
>>>>>
>>>>> AFAIK with .net 2.0 SSL is a standard channel, isn't it?
>>>> No, in MS.NET 2.0 it is based on NegotiateStream that uses
>>>> whichever authentication and encryption Windows SSPI dictates.
>>>> See MSDN.
>>>>
>>>>> But my question is: if I want to keep the mono-1.0 profile... what's the
>>>>> best way to secure remoting communication?
>>>> Host your remoting objects in XSP and use HttpChannel + SOAP formatter
>>>> over SSL.
>>>>
>>>> Robert
>>>>
>>>> _______________________________________________
>>>> Mono-devel-list mailing list
>>>> Mono-devel-list at lists.ximian.com
>>>> http://lists.ximian.com/mailman/listinfo/mono-devel-list



