[Melbourne-pm] Knockd for Web

Sam Watkins sam at nipl.net
Mon Jun 1 20:49:04 PDT 2009


On Tue, Jun 02, 2009 at 01:26:24PM +1000, Daniel Pittman wrote:
> Using existing, well tested security mechanisms like SSL is almost certainly
> going to beat out building your own.

I would think that using existing systems together with your own will
make it much more secure, especially from automated attacks.

> Finally, if you are in sufficient control of the destination system and
> userbase to require port knocking you can almost certainly just use
> client-side SSL certificates for authentication.
> 
> Those provide zero-knowledge proof of possession over the Internet without
> *any* reasonable risk of attack.

Of course, if you are running Windows (or using .desktop files!) you
probably have 15 viruses and spyware programs harvesting your certs
which you don't know about :p


Sam


