Thread: [Beepcore-java-users] sample BEEP client/server with TLS/SASL for authentication/transport security

Am looking for the sample code for the above.
Also, I've these questions:
1. After going thro' the RFC for TLS, it supports both authentication and transport
   level security. Can I just use the TLS profile to support both in my Beep implementation?
 
2. I also read in SASL that it's not a good idea to use SASL authentication on top
   of TLS security?
  
BAsically, am in confused state now as to how I can use the security profiles in
BEEP.
 
thx
ceek

			
---------------------------------
Do you Yahoo!?
 Check out the new Yahoo! Front Page. www.yahoo.com

On Nov 8, 2004, at 10:26 PM, dave harris wrote:

> Am looking for the sample code for the above.
> Also, I've these questions:
> 1. After going thro' the RFC for TLS, it supports both authentication=20=

> and transport
> =A0=A0 level security. Can I just use the TLS profile to support both =
in=20
> my Beep implementation?

Sure.  Of course, to use TLS for authentication (at least, two way=20
authentication) you will need clients to have certificates.

> 2. I also read in SASL that it's not a good idea to use SASL=20
> authentication on top
> =A0=A0 of TLS security?

Huh?  SASL/PLAIN *requires* TLS.  There is no problem using SASL=20
authentication on top of TLS.

> BAsically, am in confused state now as to how I can use the security=20=

> profiles in
> BEEP.

Right now, beepcore-java only ships with two SASL profiles: ANONYMOUS=20
and OTP, neither of which are particularly enhanced by TLS, but you=20
should be able to use both over TLS if you wished.

There are pending patches on sourceforge for adding more SASL support. =20=

So far, no one has had time to integrate them.

--
David Blacka    <da...@ve...>
Sr. Engineer    Verisign Applied Research

For some reason I can't post the reply to your posting
from the website.So am sending an email to this
mailing list. This website is definitely not
user-friendly.
 
When you Secure the Session with TLS profile, it
applies
to all the current and subsequent channels on that
Session. The startTLS() call in the client code does
this job for you.


		
__________________________________ 
Do you Yahoo!? 
Check out the new Yahoo! Front Page. 
www.yahoo.com