To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos.xml
- browse files at revision 427
- compare with another revision
- download diff
- download tarball
- view history from revision 427
- Committer: Teddy Hogeborn
- Date: 2010-09-13 05:56:48 UTC
- mfrom: (420.1.1 mandos-local)
- Revision ID: teddy@fukt.bsnet.se-20100913055648-v92t4egg6xubyqqo
Merge Makefile change.
- files added:
- .bzr-builddeb
- debian
- debian/po
- files removed:
- plugins.d/usplash
- files renamed:
- plugins.d/password-request.c => plugins.d/mandos-client.c
- plugins.d/password-request.xml => plugins.d/mandos-client.xml
- files modified:
- Makefile
added
removed
mandos.xml
1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
<!ENTITY VERSION "1.0">
5
4
<!ENTITY COMMANDNAME "mandos">
6
<!ENTITY OVERVIEW SYSTEM "overview.xml">
5
<!ENTITY TIMESTAMP "2010-09-11">
6
<!ENTITY % common SYSTEM "common.ent">
7
%common;
7
8
]>
8
9
9
<refentry>
10
<refentryinfo>
11
<title>&COMMANDNAME;</title>
10
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
11
<refentryinfo>
12
<title>Mandos Manual</title>
12
13
<!-- NWalsh’s docbook scripts use this to generate the footer: -->
13
<productname>&COMMANDNAME;</productname>
14
<productnumber>&VERSION;</productnumber>
14
<productname>Mandos</productname>
15
<productnumber>&version;</productnumber>
16
<date>&TIMESTAMP;</date>
15
17
<authorgroup>
16
18
<author>
17
19
<firstname>Björn</firstname>
30
32
</authorgroup>
31
33
<copyright>
32
34
<year>2008</year>
35
<year>2009</year>
33
36
<holder>Teddy Hogeborn</holder>
34
37
<holder>Björn Påhlsson</holder>
35
38
</copyright>
36
<legalnotice>
37
<para>
38
This manual page is free software: you can redistribute it
39
and/or modify it under the terms of the GNU General Public
40
License as published by the Free Software Foundation,
41
either version 3 of the License, or (at your option) any
42
later version.
43
</para>
44
45
<para>
46
This manual page is distributed in the hope that it will
47
be useful, but WITHOUT ANY WARRANTY; without even the
48
implied warranty of MERCHANTABILITY or FITNESS FOR A
49
PARTICULAR PURPOSE. See the GNU General Public License
50
for more details.
51
</para>
52
53
<para>
54
You should have received a copy of the GNU General Public
55
License along with this program; If not, see
56
<ulink url="http://www.gnu.org/licenses/"/>.
57
</para>
58
</legalnotice>
39
<xi:include href="legalnotice.xml"/>
59
40
</refentryinfo>
60
41
61
42
<refmeta>
62
43
<refentrytitle>&COMMANDNAME;</refentrytitle>
63
44
<manvolnum>8</manvolnum>
66
47
<refnamediv>
67
48
<refname><command>&COMMANDNAME;</command></refname>
68
49
<refpurpose>
69
Sends encrypted passwords to authenticated Mandos clients
50
Gives encrypted passwords to authenticated Mandos clients
70
51
</refpurpose>
71
52
</refnamediv>
72
53
73
54
<refsynopsisdiv>
74
55
<cmdsynopsis>
75
56
<command>&COMMANDNAME;</command>
76
<arg choice="opt">--interface<arg choice="plain">IF</arg></arg>
77
<arg choice="opt">--address<arg choice="plain">ADDRESS</arg></arg>
78
<arg choice="opt">--port<arg choice="plain">PORT</arg></arg>
79
<arg choice="opt">--priority<arg choice="plain">PRIORITY</arg></arg>
80
<arg choice="opt">--servicename<arg choice="plain">NAME</arg></arg>
81
<arg choice="opt">--configdir<arg choice="plain">DIRECTORY</arg></arg>
82
<arg choice="opt">--debug</arg>
83
</cmdsynopsis>
84
<cmdsynopsis>
85
<command>&COMMANDNAME;</command>
86
<arg choice="opt">-i<arg choice="plain">IF</arg></arg>
87
<arg choice="opt">-a<arg choice="plain">ADDRESS</arg></arg>
88
<arg choice="opt">-p<arg choice="plain">PORT</arg></arg>
89
<arg choice="opt">--priority<arg choice="plain">PRIORITY</arg></arg>
90
<arg choice="opt">--servicename<arg choice="plain">NAME</arg></arg>
91
<arg choice="opt">--configdir<arg choice="plain">DIRECTORY</arg></arg>
92
<arg choice="opt">--debug</arg>
93
</cmdsynopsis>
94
<cmdsynopsis>
95
<command>&COMMANDNAME;</command>
96
<arg choice="plain">--help</arg>
97
</cmdsynopsis>
98
<cmdsynopsis>
99
<command>&COMMANDNAME;</command>
100
<arg choice="plain">--version</arg>
101
</cmdsynopsis>
102
<cmdsynopsis>
103
<command>&COMMANDNAME;</command>
104
<arg choice="plain">--check</arg>
57
<group>
58
<arg choice="plain"><option>--interface
59
<replaceable>NAME</replaceable></option></arg>
60
<arg choice="plain"><option>-i
61
<replaceable>NAME</replaceable></option></arg>
62
</group>
63
<sbr/>
64
<group>
65
<arg choice="plain"><option>--address
66
<replaceable>ADDRESS</replaceable></option></arg>
67
<arg choice="plain"><option>-a
68
<replaceable>ADDRESS</replaceable></option></arg>
69
</group>
70
<sbr/>
71
<group>
72
<arg choice="plain"><option>--port
73
<replaceable>PORT</replaceable></option></arg>
74
<arg choice="plain"><option>-p
75
<replaceable>PORT</replaceable></option></arg>
76
</group>
77
<sbr/>
78
<arg><option>--priority
79
<replaceable>PRIORITY</replaceable></option></arg>
80
<sbr/>
81
<arg><option>--servicename
82
<replaceable>NAME</replaceable></option></arg>
83
<sbr/>
84
<arg><option>--configdir
85
<replaceable>DIRECTORY</replaceable></option></arg>
86
<sbr/>
87
<arg><option>--debug</option></arg>
88
<sbr/>
89
<arg><option>--no-dbus</option></arg>
90
<sbr/>
91
<arg><option>--no-ipv6</option></arg>
92
</cmdsynopsis>
93
<cmdsynopsis>
94
<command>&COMMANDNAME;</command>
95
<group choice="req">
96
<arg choice="plain"><option>--help</option></arg>
97
<arg choice="plain"><option>-h</option></arg>
98
</group>
99
</cmdsynopsis>
100
<cmdsynopsis>
101
<command>&COMMANDNAME;</command>
102
<arg choice="plain"><option>--version</option></arg>
103
</cmdsynopsis>
104
<cmdsynopsis>
105
<command>&COMMANDNAME;</command>
106
<arg choice="plain"><option>--check</option></arg>
105
107
</cmdsynopsis>
106
108
</refsynopsisdiv>
107
109
108
110
<refsect1 id="description">
109
111
<title>DESCRIPTION</title>
110
112
<para>
119
121
Any authenticated client is then given the stored pre-encrypted
120
122
password for that specific client.
121
123
</para>
122
123
124
</refsect1>
124
125
125
126
<refsect1 id="purpose">
126
127
<title>PURPOSE</title>
127
128
128
<para>
129
129
The purpose of this is to enable <emphasis>remote and unattended
130
130
rebooting</emphasis> of client host computer with an
131
131
<emphasis>encrypted root file system</emphasis>. See <xref
132
132
linkend="overview"/> for details.
133
133
</para>
134
135
134
</refsect1>
136
135
137
136
<refsect1 id="options">
138
137
<title>OPTIONS</title>
139
140
138
<variablelist>
141
139
<varlistentry>
142
<term><literal>-h</literal>, <literal>--help</literal></term>
140
<term><option>--help</option></term>
141
<term><option>-h</option></term>
143
142
<listitem>
144
143
<para>
145
144
Show a help message and exit
146
145
</para>
147
146
</listitem>
148
147
</varlistentry>
149
150
<varlistentry>
151
<term><literal>-i</literal>, <literal>--interface <replaceable>
152
IF</replaceable></literal></term>
153
<listitem>
154
<para>
155
Only announce the server and listen to requests on network
156
interface <replaceable>IF</replaceable>. Default is to
157
use all available interfaces.
158
</para>
159
</listitem>
160
</varlistentry>
161
162
<varlistentry>
163
<term><literal>-a</literal>, <literal>--address <replaceable>
164
ADDRESS</replaceable></literal></term>
165
<listitem>
166
<para>
167
If this option is used, the server will only listen to a
168
specific address. This must currently be an IPv6 address;
169
an IPv4 address can be specified using the
170
<quote><literal>::FFFF:192.0.2.3</literal></quote> syntax.
171
Also, if a link-local address is specified, an interface
172
should be set, since a link-local address is only valid on
173
a single interface. By default, the server will listen to
174
all available addresses.
175
</para>
176
</listitem>
177
</varlistentry>
178
179
<varlistentry>
180
<term><literal>-p</literal>, <literal>--port <replaceable>
181
PORT</replaceable></literal></term>
182
<listitem>
183
<para>
184
If this option is used, the server to bind to that
185
port. By default, the server will listen to an arbitrary
186
port given by the operating system.
187
</para>
188
</listitem>
189
</varlistentry>
190
191
<varlistentry>
192
<term><literal>--check</literal></term>
148
149
<varlistentry>
150
<term><option>--interface</option>
151
<replaceable>NAME</replaceable></term>
152
<term><option>-i</option>
153
<replaceable>NAME</replaceable></term>
154
<listitem>
155
<xi:include href="mandos-options.xml" xpointer="interface"/>
156
</listitem>
157
</varlistentry>
158
159
<varlistentry>
160
<term><option>--address
161
<replaceable>ADDRESS</replaceable></option></term>
162
<term><option>-a
163
<replaceable>ADDRESS</replaceable></option></term>
164
<listitem>
165
<xi:include href="mandos-options.xml" xpointer="address"/>
166
</listitem>
167
</varlistentry>
168
169
<varlistentry>
170
<term><option>--port
171
<replaceable>PORT</replaceable></option></term>
172
<term><option>-p
173
<replaceable>PORT</replaceable></option></term>
174
<listitem>
175
<xi:include href="mandos-options.xml" xpointer="port"/>
176
</listitem>
177
</varlistentry>
178
179
<varlistentry>
180
<term><option>--check</option></term>
193
181
<listitem>
194
182
<para>
195
183
Run the server’s self-tests. This includes any unit
197
185
</para>
198
186
</listitem>
199
187
</varlistentry>
200
201
<varlistentry>
202
<term><literal>--debug</literal></term>
203
<listitem>
204
<para>
205
If the server is run in debug mode, it will run in the
206
foreground and print a lot of debugging information. The
207
default is <emphasis>not</emphasis> to run in debug mode.
208
</para>
209
</listitem>
210
</varlistentry>
211
212
<varlistentry>
213
<term><literal>--priority <replaceable>
214
PRIORITY</replaceable></literal></term>
215
<listitem>
216
<para>
217
GnuTLS priority string for the TLS handshake with the
218
clients. The default is
219
<quote><literal>SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP</literal></quote>.
220
See <citerefentry><refentrytitle>gnutls_priority_init
221
</refentrytitle><manvolnum>3</manvolnum></citerefentry>
222
for the syntax. <emphasis>Warning</emphasis>: changing
223
this may make the TLS handshake fail, making communication
224
with clients impossible.
225
</para>
226
</listitem>
227
</varlistentry>
228
229
<varlistentry>
230
<term><literal>--servicename <replaceable>NAME</replaceable>
231
</literal></term>
232
<listitem>
233
<para>
234
Zeroconf service name. The default is
235
<quote><literal>Mandos</literal></quote>. You only need
236
to change this if you for some reason want to run more
237
than one server on the same <emphasis>host</emphasis>,
238
which would not normally be useful. If there are name
239
collisions on the same <emphasis>network</emphasis>, the
240
newer server will automatically rename itself to
241
<quote><literal>Mandos #2</literal></quote>, and so on;
242
therefore, this option is not needed in that case.
243
</para>
244
</listitem>
245
</varlistentry>
246
247
<varlistentry>
248
<term><literal>--configdir <replaceable>DIR</replaceable>
249
</literal></term>
188
189
<varlistentry>
190
<term><option>--debug</option></term>
191
<listitem>
192
<xi:include href="mandos-options.xml" xpointer="debug"/>
193
</listitem>
194
</varlistentry>
195
196
<varlistentry>
197
<term><option>--priority <replaceable>
198
PRIORITY</replaceable></option></term>
199
<listitem>
200
<xi:include href="mandos-options.xml" xpointer="priority"/>
201
</listitem>
202
</varlistentry>
203
204
<varlistentry>
205
<term><option>--servicename
206
<replaceable>NAME</replaceable></option></term>
207
<listitem>
208
<xi:include href="mandos-options.xml"
209
xpointer="servicename"/>
210
</listitem>
211
</varlistentry>
212
213
<varlistentry>
214
<term><option>--configdir
215
<replaceable>DIRECTORY</replaceable></option></term>
250
216
<listitem>
251
217
<para>
252
218
Directory to search for configuration files. Default is
258
224
</para>
259
225
</listitem>
260
226
</varlistentry>
261
227
262
228
<varlistentry>
263
<term><literal>--version</literal></term>
229
<term><option>--version</option></term>
264
230
<listitem>
265
231
<para>
266
232
Prints the program version and exit.
267
233
</para>
268
234
</listitem>
269
235
</varlistentry>
236
237
<varlistentry>
238
<term><option>--no-dbus</option></term>
239
<listitem>
240
<xi:include href="mandos-options.xml" xpointer="dbus"/>
241
<para>
242
See also <xref linkend="dbus_interface"/>.
243
</para>
244
</listitem>
245
</varlistentry>
246
247
<varlistentry>
248
<term><option>--no-ipv6</option></term>
249
<listitem>
250
<xi:include href="mandos-options.xml" xpointer="ipv6"/>
251
</listitem>
252
</varlistentry>
270
253
</variablelist>
271
254
</refsect1>
272
255
273
256
<refsect1 id="overview">
274
257
<title>OVERVIEW</title>
275
&OVERVIEW;
258
<xi:include href="overview.xml"/>
276
259
<para>
277
260
This program is the server part. It is a normal server program
278
261
and will run in a normal system environment, not in an initial
279
RAM disk environment.
262
<acronym>RAM</acronym> disk environment.
280
263
</para>
281
264
</refsect1>
282
265
283
266
<refsect1 id="protocol">
284
267
<title>NETWORK PROTOCOL</title>
285
268
<para>
311
294
<entry>-><!-- → --></entry>
312
295
</row>
313
296
<row>
314
<entry><quote><literal>1\r\en</literal></quote></entry>
297
<entry><quote><literal>1\r\n</literal></quote></entry>
315
298
<entry>-><!-- → --></entry>
316
299
</row>
317
300
<row>
337
320
</row>
338
321
</tbody></tgroup></table>
339
322
</refsect1>
340
323
341
324
<refsect1 id="checking">
342
325
<title>CHECKING</title>
343
326
<para>
344
327
The server will, by default, continually check that the clients
345
328
are still up. If a client has not been confirmed as being up
346
329
for some time, the client is assumed to be compromised and is no
347
longer eligible to receive the encrypted password. The timeout,
330
longer eligible to receive the encrypted password. (Manual
331
intervention is required to re-enable a client.) The timeout,
348
332
checker program, and interval between checks can be configured
349
333
both globally and per client; see <citerefentry>
350
<refentrytitle>mandos.conf</refentrytitle>
351
<manvolnum>5</manvolnum></citerefentry> and <citerefentry>
352
334
<refentrytitle>mandos-clients.conf</refentrytitle>
353
<manvolnum>5</manvolnum></citerefentry>.
335
<manvolnum>5</manvolnum></citerefentry>. A client successfully
336
receiving its password will also be treated as a successful
337
checker run.
354
338
</para>
355
339
</refsect1>
356
340
357
341
<refsect1 id="logging">
358
342
<title>LOGGING</title>
359
343
<para>
360
The server will send log messaged with various severity levels
361
to <filename>/dev/log</filename>. With the
344
The server will send log message with various severity levels to
345
<filename>/dev/log</filename>. With the
362
346
<option>--debug</option> option, it will log even more messages,
363
347
and also show them on the console.
364
348
</para>
365
349
</refsect1>
366
350
351
<refsect1 id="dbus_interface">
352
<title>D-BUS INTERFACE</title>
353
<para>
354
The server will by default provide a D-Bus system bus interface.
355
This interface will only be accessible by the root user or a
356
Mandos-specific user, if such a user exists. For documentation
357
of the D-Bus API, see the file <filename>DBUS-API</filename>.
358
</para>
359
</refsect1>
360
367
361
<refsect1 id="exit_status">
368
362
<title>EXIT STATUS</title>
369
363
<para>
371
365
critical error is encountered.
372
366
</para>
373
367
</refsect1>
374
375
<refsect1 id="file">
368
369
<refsect1 id="environment">
370
<title>ENVIRONMENT</title>
371
<variablelist>
372
<varlistentry>
373
<term><envar>PATH</envar></term>
374
<listitem>
375
<para>
376
To start the configured checker (see <xref
377
linkend="checking"/>), the server uses
378
<filename>/bin/sh</filename>, which in turn uses
379
<varname>PATH</varname> to search for matching commands if
380
an absolute path is not given. See <citerefentry>
381
<refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>
382
</citerefentry>.
383
</para>
384
</listitem>
385
</varlistentry>
386
</variablelist>
387
</refsect1>
388
389
<refsect1 id="files">
376
390
<title>FILES</title>
377
391
<para>
378
392
Use the <option>--configdir</option> option to change where
401
415
</listitem>
402
416
</varlistentry>
403
417
<varlistentry>
404
<term><filename>/var/run/mandos/mandos.pid</filename></term>
418
<term><filename>/var/run/mandos.pid</filename></term>
405
419
<listitem>
406
420
<para>
407
421
The file containing the process id of
418
432
</para>
419
433
</listitem>
420
434
</varlistentry>
435
<varlistentry>
436
<term><filename>/bin/sh</filename></term>
437
<listitem>
438
<para>
439
This is used to start the configured checker command for
440
each client. See <citerefentry>
441
<refentrytitle>mandos-clients.conf</refentrytitle>
442
<manvolnum>5</manvolnum></citerefentry> for details.
443
</para>
444
</listitem>
445
</varlistentry>
421
446
</variablelist>
422
447
</refsect1>
423
448
424
449
<refsect1 id="bugs">
425
450
<title>BUGS</title>
426
451
<para>
427
452
This server might, on especially fatal errors, emit a Python
428
453
backtrace. This could be considered a feature.
429
454
</para>
455
<para>
456
Currently, if a client is disabled due to having timed out, the
457
server does not record this fact onto permanent storage. This
458
has some security implications, see <xref linkend="clients"/>.
459
</para>
460
<para>
461
There is no fine-grained control over logging and debug output.
462
</para>
463
<para>
464
Debug mode is conflated with running in the foreground.
465
</para>
466
<para>
467
The console log messages do not show a time stamp.
468
</para>
469
<para>
470
This server does not check the expire time of clients’ OpenPGP
471
keys.
472
</para>
430
473
</refsect1>
431
432
<refsect1 id="examples">
433
<title>EXAMPLES</title>
474
475
<refsect1 id="example">
476
<title>EXAMPLE</title>
434
477
<informalexample>
435
478
<para>
436
479
Normal invocation needs no options:
437
480
</para>
438
481
<para>
439
<userinput>mandos</userinput>
482
<userinput>&COMMANDNAME;</userinput>
440
483
</para>
441
484
</informalexample>
442
485
<informalexample>
449
492
<para>
450
493
451
494
<!-- do not wrap this line -->
452
<userinput>mandos --debug --configdir ~/mandos --servicename Test</userinput>
495
<userinput>&COMMANDNAME; --debug --configdir ~/mandos --servicename Test</userinput>
453
496
454
497
</para>
455
498
</informalexample>
461
504
<para>
462
505
463
506
<!-- do not wrap this line -->
464
<userinput>mandos --interface eth7 --address fe80::aede:48ff:fe71:f6f2</userinput>
507
<userinput>&COMMANDNAME; --interface eth7 --address fe80::aede:48ff:fe71:f6f2</userinput>
465
508
466
509
</para>
467
510
</informalexample>
468
511
</refsect1>
469
512
470
513
<refsect1 id="security">
471
514
<title>SECURITY</title>
472
<refsect2>
515
<refsect2 id="server">
473
516
<title>SERVER</title>
474
517
<para>
475
Running this &COMMANDNAME; server program should not in itself
476
present any security risk to the host computer running it.
477
The program does not need any special privileges to run, and
478
is designed to run as a non-root user.
518
Running this <command>&COMMANDNAME;</command> server program
519
should not in itself present any security risk to the host
520
computer running it. The program switches to a non-root user
521
soon after startup.
479
522
</para>
480
523
</refsect2>
481
<refsect2>
524
<refsect2 id="clients">
482
525
<title>CLIENTS</title>
483
526
<para>
484
527
The server only gives out its stored data to clients which
491
534
<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
492
535
<manvolnum>5</manvolnum></citerefentry>)
493
536
<emphasis>must</emphasis> be made non-readable by anyone
494
except the user running the server.
537
except the user starting the server (usually root).
495
538
</para>
496
539
<para>
497
540
As detailed in <xref linkend="checking"/>, the status of all
499
542
compromised if they are gone for too long.
500
543
</para>
501
544
<para>
545
If a client is compromised, its downtime should be duly noted
546
by the server which would therefore disable the client. But
547
if the server was ever restarted, it would re-read its client
548
list from its configuration file and again regard all clients
549
therein as enabled, and hence eligible to receive their
550
passwords. Therefore, be careful when restarting servers if
551
it is suspected that a client has, in fact, been compromised
552
by parties who may now be running a fake Mandos client with
553
the keys from the non-encrypted initial <acronym>RAM</acronym>
554
image of the client host. What should be done in that case
555
(if restarting the server program really is necessary) is to
556
stop the server program, edit the configuration file to omit
557
any suspect clients, and restart the server program.
558
</para>
559
<para>
502
560
For more details on client-side security, see
503
<citerefentry><refentrytitle>password-request</refentrytitle>
561
<citerefentry><refentrytitle>mandos-client</refentrytitle>
504
562
<manvolnum>8mandos</manvolnum></citerefentry>.
505
563
</para>
506
564
</refsect2>
507
565
</refsect1>
508
566
509
567
<refsect1 id="see_also">
510
568
<title>SEE ALSO</title>
569
<para>
570
<citerefentry>
571
<refentrytitle>mandos-clients.conf</refentrytitle>
572
<manvolnum>5</manvolnum></citerefentry>, <citerefentry>
573
<refentrytitle>mandos.conf</refentrytitle>
574
<manvolnum>5</manvolnum></citerefentry>, <citerefentry>
575
<refentrytitle>mandos-client</refentrytitle>
576
<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>
577
<refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>
578
</citerefentry>
579
</para>
511
580
<variablelist>
512
581
<varlistentry>
513
582
<term>
514
<citerefentry>
515
<refentrytitle>password-request</refentrytitle>
516
<manvolnum>8mandos</manvolnum>
517
</citerefentry>
518
</term>
519
<listitem>
520
<para>
521
This is the actual program which talks to this server.
522
Note that it is normally not invoked directly, and is only
523
run in the initial RAM disk environment, and not on a
524
fully started system.
525
</para>
526
</listitem>
527
</varlistentry>
528
<varlistentry>
529
<term>
530
583
<ulink url="http://www.zeroconf.org/">Zeroconf</ulink>
531
584
</term>
532
585
<listitem>
549
602
</varlistentry>
550
603
<varlistentry>
551
604
<term>
552
<ulink
553
url="http://www.gnu.org/software/gnutls/">GnuTLS</ulink>
605
<ulink url="http://www.gnu.org/software/gnutls/"
606
>GnuTLS</ulink>
554
607
</term>
555
608
<listitem>
556
609
<para>
562
615
</varlistentry>
563
616
<varlistentry>
564
617
<term>
565
<citation>RFC 4291: <citetitle>IP Version 6 Addressing
566
Architecture</citetitle>, section 2.5.6, Link-Local IPv6
567
Unicast Addresses</citation>
618
RFC 4291: <citetitle>IP Version 6 Addressing
619
Architecture</citetitle>
568
620
</term>
569
621
<listitem>
570
<para>
571
The clients use IPv6 link-local addresses, which are
572
immediately usable since a link-local addresses is
573
automatically assigned to a network interfaces when it is
574
brought up.
575
</para>
622
<variablelist>
623
<varlistentry>
624
<term>Section 2.2: <citetitle>Text Representation of
625
Addresses</citetitle></term>
626
<listitem><para/></listitem>
627
</varlistentry>
628
<varlistentry>
629
<term>Section 2.5.5.2: <citetitle>IPv4-Mapped IPv6
630
Address</citetitle></term>
631
<listitem><para/></listitem>
632
</varlistentry>
633
<varlistentry>
634
<term>Section 2.5.6, <citetitle>Link-Local IPv6 Unicast
635
Addresses</citetitle></term>
636
<listitem>
637
<para>
638
The clients use IPv6 link-local addresses, which are
639
immediately usable since a link-local addresses is
640
automatically assigned to a network interfaces when it
641
is brought up.
642
</para>
643
</listitem>
644
</varlistentry>
645
</variablelist>
576
646
</listitem>
577
647
</varlistentry>
578
648
<varlistentry>
579
649
<term>
580
<citation>RFC 4346: <citetitle>The Transport Layer Security
581
(TLS) Protocol Version 1.1</citetitle></citation>
650
RFC 4346: <citetitle>The Transport Layer Security (TLS)
651
Protocol Version 1.1</citetitle>
582
652
</term>
583
653
<listitem>
584
654
<para>
588
658
</varlistentry>
589
659
<varlistentry>
590
660
<term>
591
<citation>RFC 4880: <citetitle>OpenPGP Message
592
Format</citetitle></citation>
661
RFC 4880: <citetitle>OpenPGP Message Format</citetitle>
593
662
</term>
594
663
<listitem>
595
664
<para>
599
668
</varlistentry>
600
669
<varlistentry>
601
670
<term>
602
<citation>RFC 5081: <citetitle>Using OpenPGP Keys for
603
Transport Layer Security</citetitle></citation>
671
RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer
672
Security</citetitle>
604
673
</term>
605
674
<listitem>
606
675
<para>
612
681
</variablelist>
613
682
</refsect1>
614
683
</refentry>
684
<!-- Local Variables: -->
685
<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
686
<!-- time-stamp-end: "[\"']>" -->
687
<!-- time-stamp-format: "%:y-%02m-%02d" -->
688
<!-- End: -->
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0