Network2/Security: Difference between revisions
< Network2
Jump to navigation
Jump to search
mNo edit summary |
mNo edit summary |
||
| Line 1: | Line 1: | ||
{{Network2 header}} |
{{Network2 header}} |
||
Prerequisite concepts: [[Network2/Concept/Spoofing|spoofing]], [[Network2/Concept/Petname|petname]], [[Network2/Concept/Authentication|authentication]], [[Network2/Concept/Confidentiality|confidentiality]], [[Network2/Concept/Integrity|integrity]], [[Network2/Concept/Availability|availability]], [[Network2/Concept/DNS resolver|DNS resolver]], [[Network2/Concept/DNS nameserver]], [[Network2/Concept/DNSCurve|dnscurve]], [[Network2/Concept/IPsec security association|security association]], [[Network2/Concept/Asymmetric cryptography|asymmetric cryptography]] |
|||
This ''optional'' section is included merely to offer some hints about where we think [[Communications security|communications security]] ought to be headed. |
This ''optional'' section is included merely to offer some hints about where we think [[Communications security|communications security]] ought to be headed. |
||
Revision as of 06:07, 29 July 2009
Prerequisite concepts: spoofing, petname, authentication, confidentiality, integrity, availability, DNS resolver, Network2/Concept/DNS nameserver, dnscurve, security association, asymmetric cryptography
This optional section is included merely to offer some hints about where we think communications security ought to be headed.
- Spoofing, Integrity, Confidentiality. See communications security and petnames for some background. A very rough road along which something reasonable might lie:
- Use physical introduction to CNAME cscott.michael.laptop.org to <key>.cscott.laptop.org.
- Then, my dnscurve-compatible DNS resolver will refuse to give me addresses unless the nameserver I contact for cscott proves knowledge of cscott's private key.
- Then I have a nice basis with which to configure IPsec security associations.
- System Integrity
- DoS