On 17.03.2012 17:33, Christoph Anton Mitterer wrote:
On Mon, 2012-02-20 at 19:49 +0100, Michael Friedrich wrote:
<dev hat on>
the code was NOT useless. stop blaming the devs for that initial
implementation. do better than that - actually make it better.
<dev hat off>
I just tried an compiled my own nrpe with different dh.h. From that one
I used the plugin with the daemon version from SUSE.
So that means plugin and daemon, each with a _DIFFERENT_ set of dh.h
parameters communicate.
And it worked just flawless, which is because anon DH is used, right?
I'm not really sure what you expect from
encryption/integrity/security/SSL but to my mind the above proves quite
clearly that the way NRPE uses SSL right now is absolutely useless,
unless you're looking for subtle ways to waste CPU power.
You must understand that the current way is not even like "one shared
secret"... it's just a unsecured (MiM-attackable) key agreement,... and
only afterwards data is encrypted.
Pointless.
so you are my teacher to tell me what to think? man, i am aware of the
things which are wrong, but stop blaming everyone being badass and
you're the hero of the world.
that behaviour makes your demands just pointless in regard of a valuable
discussion. time will tell when things are to be fixed and whatnot.
<users hat on>
why do i have to upgrade my nsclient++ server which only supports the
old nrpe protocol? oh snap, nsclient++ dev refuses to implement
the new nrpe protocol with ssl certs. fuck, i can't upgrade to the
new version,
but i really really want to use e.g. ipv6 layer
<users hat off>
That's a quite naive and stubborn way of thinking.
and? i am a user not wanting the underneath to be secure, but the
upgrades need to run just fine.
In all doing respect,... I doubt you understand security...
you don't keep up any respect in this discussion. given that, i won't
answer your private mail either. feel free to join the public
discussions whenever you like, but my personal spare time won't be
wasted by someone acting like you.
have a nice life,
michael
ps: fork your own nagios and make the world better.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
