Notes on Security Levels

From Scire Wiki

Jump to: navigation, search

High: (aka. i'm being watched). Don't allow any non-CA-signed clients. Manally send server cert to each client before client will trust the server. Also generate CA-signed cert and send to client before adding as pending.
Medium: aka normal. Use self-signed cert when first connecting. Trust the first scire server found. When client is approved, send CA-signed cert and replace digest in the client table. This means only the first connection is potentially MITM attackable. This is overcome by manually verifiying the digest.
Low: Self-signed client cert is used after approval. No need for CA. All scire servers are trusted? (not sure on last one)
Very Low/Stupid: (aka we don't need no stinkin security). Same as Low but clients are auto-approved. Meant as a temporary mode for people who need things done fast in a secure environment.

Retrieved from "http://agaffney.org/mediawiki/index.php/Notes_on_Security_Levels"
Personal tools