ssh (was Re: java Digest 5 Sep 2003 15:03:44 -0000 Issue 1283)
Raif S. Naffah
raif@fl.net.au
Sat Sep 6 21:20:00 GMT 2003

On Sat, 6 Sep 2003 08:57 pm, Paul Gear wrote:
> ...
> My need is for an authenticated, encrypted client-server connection
> without any requirement for X.509 infrastructure. Is there a way to
> use JSSE or something similar in non-SSL mode?

have a look at SASL (Simple Authentication and Security Layer)
<http://www.ietf.org/rfc/rfc2222.txt>. it allows different mechanisms
for authentication to be plugged in.

look also at
<http://www.ietf.org/internet-drafts/draft-burdis-cat-srp-sasl-08.txt>
which is a proposal for using Secure Remote Password (SRP) as a SASL
mechanism.

SRP (<http://srp.stanford.edu/design3.html>) is a 0-knowledge protocol,
using simple passwords, that allows you to generate a shared secret
which can then protect the client-server connection.

GNU Crypto has implementations of all the above, plus example code for
both client and server (SaslC and SaslS in gnu.crypto.tool). the code
in the project should also be enough to use SASL as a way for
protecting Java classes when using RMI as the middleware -- by
implementing SASL-ified RMI factory classes.

cheers;
rsn
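
The SRP exchange mentioned above, as an added example that is not part of the original message and is not GNU Crypto's code: both sides derive the same session key from a password while the server stores only a salt and verifier, and no certificate is involved. Assumptions: the SRP-6a variant with SHA-256 and the 1024-bit group from RFC 5054, written in Python for brevity; all function names and the sample user are constructed for illustration.

```python
import hashlib
import secrets

# Assumed group: 1024-bit safe prime from RFC 5054 Appendix A, generator 2.
N = int("EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
        "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
        "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
        "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2

def H(*parts):
    """SHA-256 of the concatenated parts; ints are padded to the width of N."""
    data = b"".join(p if isinstance(p, bytes) else p.to_bytes(128, "big") for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

k = H(N, g)  # SRP-6a multiplier

def private_x(salt, user, password):
    return H(salt, hashlib.sha256(f"{user}:{password}".encode()).digest())

def enroll(user, password):
    """What the server stores: a salt and a verifier, never the password."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, private_x(salt, user, password), N)

def client_hello():
    a = secrets.randbelow(N - 1) + 1
    return a, pow(g, a, N)              # a stays secret, A is sent to the server

def server_reply(A, v):
    if A % N == 0:                      # such an A would force a known key
        raise ValueError("illegal client value A")
    b = secrets.randbelow(N - 1) + 1
    B = (k * v + pow(g, b, N)) % N      # B is sent to the client with the salt
    S = pow(A * pow(v, H(A, B), N) % N, b, N)
    return B, hashlib.sha256(S.to_bytes(128, "big")).digest()

def client_key(user, password, salt, a, A, B):
    if B % N == 0:
        raise ValueError("illegal server value B")
    u, x = H(A, B), private_x(salt, user, password)
    S = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    return hashlib.sha256(S.to_bytes(128, "big")).digest()

def demo(stored_password, typed_password, user="alice"):
    """Run both sides in-process; returns (client key, server key)."""
    salt, v = enroll(user, stored_password)
    a, A = client_hello()
    B, server_key = server_reply(A, v)
    return client_key(user, typed_password, salt, a, A, B), server_key
```

In a real deployment the two sides exchange proofs of the derived key before using it, so a wrong password is detected at login; this example compares the two keys directly instead.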