[erlang-questions] Controlled interaction of two erlang distributed networks
Witold Baryluk
baryluk@REDACTED
Wed Aug 26 18:36:55 CEST 2009
Dnia 2009-08-26, śro o godzinie 18:28 +0200, Kenneth Lundin pisze:
> >
> > (And using inet_ssl_dist is actually *incomplete* for encrypting all
> > necessary traffics, because it does not encrypt empd traffic at all.)
> >
> Why do you think it is important to encrypt the epmd traffic?
> Is there really any sensitive information exchanged there?
> It is really very little data with low frequency exchanged between epmd
> and the nodes. It is actually in practice only used during
> establishment of a new connection to an Erlang node.
>
> I am not saying that the Erlang distribution is perfect for the use
> over global internet but
> is really epmd a problem?
>
> /Kenneth Erlang/OTP Ericsson
>
I think it allows spoofing registration of nodes. This can cause denial
of service.
--
Witold Baryluk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: To jest cz??? wiadomo?ci podpisana cyfrowo
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20090826/288e7178/attachment.bin>
More information about the erlang-questions
mailing list