This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.



Re: http://sourceware.org/bugzilla/show_bug.cgi?id=11441


Thanks again for your feedback!

On 05/04/2010 01:28 PM, Frank Ch. Eigler wrote:


>>> Re. stap --server-status=trusted, how would stap determine the
>>> trustedness of remote servers? Do they advertise their ssl/signing
>>> keys?
>>
>> As a trusted peer, successfully establishing a ssl connection is
>> sufficient. As a trusted signer, I was thinking that the server would
>> sign some random chunk of data and that stap would verify the signature
>> in the same way that staprun verifies a signed module.
>
> So it would require an active search & trial connections.  How about
> 'stap --server=search' or something like that, to produce a listing of
> nearby peers?  Filtering on trustedness etc. could be done by the user
> via grep.

I should have thought about this more before responding. Active search/connection is not necessary. This information would be obtained using nss functions against the databases of trusted ssl peers and signers.

> Hm, how should the client decide whether to look for a server vs.
> attempting local compilation of a script?  'stap --server=XXX' i.e.,
> on user's demand?  Or automatically (in case of a pass 2/4 error
> indicating missing debuginfo/kernel-devel)?

Certainly there is a need for on demand specification. I do also like the idea of automatically looking for a server if the client host lacks required information.

Dave

