[Security] client-to-client security :: Summary and todo's
pavlix at pavlix.net
Sat Aug 23 16:47:16 CDT 2008
On Sat, 23 Aug 2008 20:37:58 +0200
Dirk Meyer <dmeyer at tzi.de> wrote:
> Dirk Meyer wrote:
> > Pavel Simerda wrote:
> >> On Sat, 23 Aug 2008 18:21:38 +0200
> >> Dirk Meyer <dmeyer at tzi.de> wrote:
> >>> UPnP is a working choice, but bad. Just google for it.
> >> I know what UPnP is.
> > I mean: google why it is a bad choice :) See below
> This is a good doc:
> Automatic access to something without password is a very bad
> idea. That is why I want certificates for all my bots. I would have no
> problem with a bot on my router opening ports for other bots that have
> a valid certificate.
There is a difference between a password and a key.
There is a difference between a symmetric cryptography key and a pair
of public/private keys for asymmetric cryptosystems.
There are a lot of places where automatic access (read or even write)
without a password (or key) is appropriate.
These general statements about security are usually false (there is
almost always a bunch of cases where it doesn't do any good).
Jabber & Mail: pavlix(at)pavlix.net