SECURITY

=== modified file 'TODO' --- TODO 2008-09-03 17:11:32 +0000 +++ TODO 2008-09-03 17:34:29 +0000 @@ -8,9 +8,6 @@ ** [#B] Seperate more code to function for more readability * password-request -** [#A] Man page: man8/password-request.8mandos -*** SEE ALSO - Update from mandos.xml ** [#B] Temporarily lower kernel log level for less printouts during sucessfull boot. ** IPv4 support === modified file 'plugins.d/password-request.xml' --- plugins.d/password-request.xml 2008-09-03 17:11:32 +0000 +++ plugins.d/password-request.xml 2008-09-03 17:34:29 +0000 @@ -336,8 +336,10 @@ /etc/crypttab, but it would then be impossible to enter a password for the encrypted root disk at the console, since this program does not read from the console - at all. This is why a separate plugin does that, which will be - run in parallell to this one by the plugin runner. + at all. This is why a separate plugin ( + password-prompt + 8mandos) does that, which + will be run in parallell to this one by the plugin runner. @@ -446,7 +448,8 @@ SECURITY This program is set-uid to root, but will switch back to the - original user and group after bringing up the network interface. + original (and presumably non-privileged) user and group after + bringing up the network interface. To use this program for its intended purpose (see mandos8. - Note: This makes it impossible to have - Mandos clients which dual-boot to - another operating system which does not run - a Mandos client. + It will also help if the checker program on the server is + configured to request something from the client which can not be + spoofed by someone else on the network, unlike unencrypted + ICMP echo (ping) replies. + + + Note: This makes it completely insecure to + have Mandos clients which dual-boot + to another operating system which is not + trusted to keep the initial RAM disk image + confidential. SEE ALSO + cryptsetup + 8, + crypttab + 5, mandos 8, password-prompt @@ -491,42 +505,121 @@ plugin-runner 8mandos - - - Zeroconf - - - - Avahi - - - - GnuTLS - - - - GPGME - - - - RFC 4880: OpenPGP Message - Format - - - - RFC 5081: Using OpenPGP Keys for - Transport Layer Security - - - - RFC 4291: IP Version 6 Addressing - Architecture, section 2.5.6, Link-Local IPv6 - Unicast Addresses - - + + + + Zeroconf + + + + Zeroconf is the network protocol standard used for finding + Mandos servers on the local network. + + + + + + Avahi + + + + Avahi is the library this program calls to find Zeroconf + services. + + + + + + GnuTLS + + + + GnuTLS is the library this client uses to implement TLS for + communicating securely with the server, and at the same time + send the public OpenPGP key to the server. + + + + + + GPGME + + + + GPGME is the library used to decrypt the OpenPGP data sent + by the server. + + + + + + RFC 4291: IP Version 6 Addressing + Architecture + + + + + Section 2.2: Text Representation of + Addresses + + + + Section 2.5.5.2: IPv4-Mapped IPv6 + Address + + + + Section 2.5.6, Link-Local IPv6 Unicast + Addresses + + + This client uses IPv6 link-local addresses, which are + immediately usable since a link-local addresses is + automatically assigned to a network interfaces when it + is brought up. + + + + + + + + + RFC 4346: The Transport Layer Security (TLS) + Protocol Version 1.1 + + + + TLS 1.1 is the protocol implemented by GnuTLS. + + + + + + RFC 4880: OpenPGP Message Format + + + + The data received from the server is binary encrypted + OpenPGP data. + + + + + + RFC 5081: Using OpenPGP Keys for Transport Layer + Security + + + + This is implemented by GnuTLS and used by this program so + that OpenPGP keys can be used. + + + +