
[certi-dev] RE: CERTI security features / was: HLA Plugin for XPlane


From: Gotthard, Petr
Subject: [certi-dev] RE: CERTI security features / was: HLA Plugin for XPlane
Date: Mon, 18 Aug 2008 14:09:18 +0200

Hi Martin, Hi everybody,
thank you for your offer. The people behind firewalls/gateways often get
their public IP dynamically assigned, so the simple workaround wouldn't
work. I'm afraid the changes in CERTI are inevitable. Here goes my
(prioritized) summary:

0) connection tunneling
allow people to use HTTP/SOCKS proxy for accessing the RTIG

1) access control
encrypted authentication very early in the session initiation
prevent people from accessing the RTIG
preferably integrable with LDAP and/or other authentication services

2) connection security
prevent people from eavesdropping on the RTIA--RTIG communication
prevent people from disturbing the RTIA--RTIG communication

3) RTIA--RTIG protocol version check
prevent people with incompatible RTIA version from connecting to RTIG

Item 0) is an absolute requirement. Item 1) may be necessary for running
RTIG on the public Internet.
Some of 2) is described in several ONERA papers on this issue:
http://www.cert.fr/francais/deri/siron/cv/articles.html and implemented
in CERTI (using GSSAPI). I don't know what the status of this
implementation is.


Petr

-----Original Message-----
From: address@hidden [mailto:address@hidden] On Behalf Of Martin Spott
Sent: Monday, August 18, 2008 12:27 PM
To: address@hidden
Subject: Re: [certi-dev] HLA Plugin for XPlane / interoperability

"Gotthard,Petr" wrote:

> thanks to Martin Spott I have now a better FOM than the RPR-FOM. It
> seems to be very close to what your X-Plane plug-in is currently using:
> http://www.aviationsimnet.net/ASN/doc/aviationsimnetV3.1.html

Just to break the silence ....  ;-)
I think we have a nicely connected machine available that allows us to
run a public RTIG for being used with FlightGear. So, if you'd like to
do some interoperability tests or just would like to carry
FlightGear/HLA into the public, please tell me.

We _might_ want to add some sort of an authentication wrapper before if
CERTI does not offer such a feature.

Personally I'd prefer to have encrypted authentication very early in the
session initiation, probably starting with a simple passwd file as a
backend. I'm certain this already is an item on the CERTI developers'
wish list, so I'm not telling news to anyone ....

As long as such a feature is not available, we might implement a simple
workaround by having a little web site that allows the user to relieve
the IP number of his computer from the firewall restrictions for a
predefined period of time.

        Martin.
--
 Unix _IS_ user friendly - it's just selective about who its friends are!
--------------------------------------------------------------------------


-- 
CERTI-Devel mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/certi-devel



