qpid-dev mailing list archives

From Andrew Stitcher <astitc...@redhat.com>
Subject Re: Configuration for security.
Date Tue, 05 May 2015 18:57:55 GMT
On Tue, 2015-05-05 at 14:21 -0400, Alan Conway wrote:
> On Tue, 2015-05-05 at 12:43 -0400, Andrew Stitcher wrote:
> > On Tue, 2015-05-05 at 12:13 -0400, Alan Conway wrote:
> > > The problem:
> > > 
> > > 1. Insecure defaults are, well, insecure.
> > > 2. Secure defaults cause confusion and support overhead esp. in dev/testing environments.
> > > 3. We need fine-grained security settings (e.g. "allow-plain-with-ssl") because security is complicated.
> > > 
> > > Here's what I would suggest:
> > > 
> > > Provide a top-level setting: "secure", default true.
> > 
> > The new proton security APIs are pretty similar to this already - you
> > did look at them?
> > 
> > There are actually 2 settings which control authentication and
> > encryption.
> 
> That's what I'm getting at. There are already 2, you're adding another
> which is 3, then there'll be 4...

I did consider those settings pretty carefully and did have them
reviewed (potentially by you).

I do think they reasonably cover a lot of the security landscape in a
simple to understand way, and don't need adding to.

However, if you want to add more detailed settings not covered by them
that's ok too.

A


