Changes between Version 1 and Version 2 of Ticket #2142


Ignore:
Timestamp:
2013-12-24T14:17:50Z (11 years ago)
Author:
amontero
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #2142 – Description

    v1 v2  
    1 I'm setting up a LAN grid that where I would like to protect storage nodes WebUIs from casual eavesdroppers. I connect to storage nodes via WebUI to do checks and tests, and would like to be a bit safer to wireless sniffers, for instance.
     1I'm setting up a LAN grid that where I would like to protect storage nodes WebUIs from casual eavesdroppers. I connect to storage nodes via WebUI to do checks and tests, and would like to be a bit safer from wireless sniffers at public hotspots, for instance.
    22
    33I assume that enabling SSL for all node's WebUIs would be enough for that, maybe I've overlooked something. Just common-sense rule-of-thumb: (most of)SSL will be better than NO SSL.
     
    88* is "node.pem" even suitable for using it as SSL cert?
    99
    10 I asked in IRC and was given nice alternatives, such as lafs-rpg or ssh tunnels, but doing by enabling just SSL I seem to understand that's not as easy and secure af it sounds. But here I might fall short on understandings of some crypto/PKI concepts. So, anyway at least as a FAQ I would like to know if it is possible or if it can be achieved someway. Here it might raise ideas, such as "why we don't generate a default 'private/webui.pem' and recommend in tahoe.cfg comments?". I think that switching to from NO SSL to SSL WebUI is worth having, isn't it?
     10I asked in IRC and was given nice alternatives, such as vpn, lafs-rpg or ssh tunnels, but doing by enabling just SSL I seem to understand that's not as easy and secure as it sounds. But here I might fall short on understandings of some crypto/PKI concepts. So, anyway at least as a FAQ I would like to know if it is possible or if it can be achieved someway. Here it might raise ideas, such as "why we don't generate a default 'private/webui.pem' and recommend in tahoe.cfg comments?". I think that switching to from NO SSL to SSL WebUI is worth having, isn't it?
    1111
    1212I think making this a bit clear for non cryptologists could at least be a nice security FAQ, even if not advisable.