Network2/Security: Difference between revisions

From OLPC
Jump to navigation Jump to search
mNo edit summary
mNo edit summary
 
Line 1: Line 1:
{{Network2 header}}
{{Network2 header}}
Prerequisite concepts: [[Network2/Concept/Spoofing|spoofing]], [[Network2/Concept/Petname|petname]], [[Network2/Concept/Authentication|authentication]], [[Network2/Concept/Confidentiality|confidentiality]], [[Network2/Concept/Integrity|integrity]], [[Network2/Concept/Availability|availability]], [[Network2/Concept/DNS resolver|DNS resolver]], [[Network2/Concept/DNS nameserver]], [[Network2/Concept/DNSCurve|dnscurve]], [[Network2/Concept/IPsec security association|security association]], [[Network2/Concept/Asymmetric cryptography|asymmetric cryptography]]
Prerequisite concepts: [[Network2/Concept/Spoofing|spoofing]], [[Network2/Concept/Petname|petname]], [[Network2/Concept/Authentication|authentication]], [[Network2/Concept/Confidentiality|confidentiality]], [[Network2/Concept/Integrity|integrity]], [[Network2/Concept/Availability|availability]], [[Network2/Concept/DNS resolver|DNS resolver]], [[Network2/Concept/DNS nameserver|DNS nameserver]], [[Network2/Concept/DNSCurve|dnscurve]], [[Network2/Concept/IPsec security association|security association]], [[Network2/Concept/Asymmetric cryptography|asymmetric cryptography]]


This ''optional'' section is included merely to offer some hints about where we think [[Communications security|communications security]] ought to be headed.
This ''optional'' section is included merely to offer some hints about where we think [[Communications security|communications security]] ought to be headed.

Latest revision as of 06:07, 29 July 2009

Prerequisite concepts: spoofing, petname, authentication, confidentiality, integrity, availability, DNS resolver, DNS nameserver, dnscurve, security association, asymmetric cryptography

This optional section is included merely to offer some hints about where we think communications security ought to be headed.

  1. Spoofing, Integrity, Confidentiality. See communications security and petnames for some background. A very rough road along which something reasonable might lie:
    • Use physical introduction to CNAME cscott.michael.laptop.org to <key>.cscott.laptop.org.
    • Then, my dnscurve-compatible DNS resolver will refuse to give me addresses unless the nameserver I contact for cscott proves knowledge of cscott's private key.
    • Then I have a nice basis with which to configure IPsec security associations.
  2. System Integrity
  3. DoS