[Freedombox-discuss] public + private http services
On Fri, Jul 19, 2013 at 7:02 AM, Timur Mehrvarz
<timur.mehrvarz at riseup.net> wrote:
> I wasn't so much concerned about myself getting this configured
> properly. I'm rather concerned about less technical folks trying to
> set up a FBX. Sure, you can configure local-network-only services, by
> changing some firewall rules. But you could also write your services in
> ways for them to handle this autonomously. No specific FW rules would be
> needed then. My question is: do you agree that this 2nd approach would
> be the more sensible one for FBX?
Timur, thanks for clarifying your question. Hopefully, FreedomBuddy
will help make this sort of ACL easier to manage (though I might be
giving it too much credit). Ideally, if you've exchanged PGP keys (+ an
introduction message, which turns out to be a single-step introduction
process that I'm speccing out now), you can use that PGP-encrypted
connection over a variety of transports to exchange location and
authentication information for other services. There was some talk
about using Tinc to set up service-specific VPNs between servers, as
well, to push the authentication layer into the infrastructure so
applications don't need to worry about it. So, we have what look like
secure options, but:
1. None of them are hooked into Plinth.
2. I still haven't configured a Tinc VPN so I'm still a bit fuzzy on how
it works. I keep giving myself other things to do first...
These would be great things to experiment with and write up or add to a
Plinth fork (and announce here!).
Thanks for your time,