YDL.net signon screen is not secure... What to do about it?

Atro Tossavainen yellowdog-general@lists.terrasoftsolutions.com
Fri Mar 28 01:30:01 2003


> So, how about it, YDL.net'ers?  Would you be willing to accept a
> self-signed certificate in order to keep your YDL.net password secure? 
> I know I would.

I'm not a YDL.net'er, but I would much prefer any login screens to be
secured with SSL even if the cert was self-issued, if the alternative
is raw HTTP which _will_ expose such information to all and sundry.

If the SSL certificate brouhaha really is an issue, perhaps YDL could
set up an SSH server with a public "ydl" account and no password where
the shell only accepted one command: "exit".  The SSH daemon would be
configured to accept port forwards only to the ydl.net site port 80.
People would then use their ydl.net accounts through "http://localhost:N"
where N is the port they chose for their end of the SSH tunnel.  The
public key (fingerprint) for this SSH server would be made available
through the store, as you suggested for the self-signed cert.

-- 
Atro Tossavainen (Mr.)               / The Institute of Biotechnology at
Systems Analyst, Techno-Amish &     / the University of Helsinki, Finland,
+358-9-19158939  UNIX Dinosaur     / employs me, but my opinions are my own.
< URL : http : / / www . helsinki . fi / %7E atossava / >

File attachments NOT welcome unless agreed to beforehand.
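
The forward-only SSH account proposed in the message above could be expressed in a current OpenSSH sshd_config roughly as follows. This is an added example, not part of the original message or anything YDL published; the "ydl" account name and the ydl.net:80 target come from the message, while the /usr/local/bin/exit-only program is a hypothetical stand-in for the shell that only accepts "exit".

```conf
# Added example for OpenSSH sshd_config; not from the original message.
# Assumptions: a local account "ydl" with an empty password, and a
# hypothetical program /usr/local/bin/exit-only as the login command.

# Global defaults stay strict for every other account.
PermitEmptyPasswords no
AllowTcpForwarding no

Match User ydl
    # Public account: the empty password is accepted for this user only.
    PasswordAuthentication yes
    PermitEmptyPasswords yes

    # Allow client-initiated (ssh -L) forwards only, never remote (-R) ones.
    AllowTcpForwarding local
    # The only destination a forward may reach.
    PermitOpen ydl.net:80

    # Close the other channels this account has no use for.
    AllowAgentForwarding no
    AllowStreamLocalForwarding no
    X11Forwarding no
    PermitTunnel no
    GatewayPorts no
    PermitUserRC no

    # Whatever command or subsystem the client requests, run this instead.
    # Hypothetical program: reads input and quits when it sees "exit".
    ForceCommand /usr/local/bin/exit-only
```

A client would open the tunnel with `ssh -L N:ydl.net:80 ydl@<ssh-server>` (server name is a placeholder) and browse to http://localhost:N. The scheme only protects the password if the user compares the host key fingerprint shown on first connect with the one published out of band.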