Currently runs on FreeBSD-4.6
The system is written in Perl.
Main DVC process: 4000 lines
DVC GUI (CGI script): 1300 lines
Subsystems: 1800 lines
System also employs:
OpenSSL: Certificate issuance, authenticated/secure sessions
KAME: IPSec subsystem
IPFilter: Firewall subsystem
BIND: DNS subsystem
Zebra: Routing subsystem
Apache, mod_ssl: Graphical User Interface
SSL is used to secure control connections between DVCs.
SSL control connections between DVCs are authenticated with X.509
certificates.
Each DVC system uses the OpenSSL software to generate its own
key pair and certificate signing request (CSR). Private keys generated
for the local DVC never leave the system.
The CSR and signed public certificate are exchanged via Internet e-mail.
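
The CSR flow described above, as an added example that is not code from the DVC system: the key pair and CSR are created locally with OpenSSL, and the certificate that comes back by e-mail is checked against the local private key and the expected signer before use. File names, subject names and the throwaway CA are constructed for illustration.

```shell
#!/bin/sh
# Added example. File names, subject names and the throwaway CA are constructed.
set -e

# Local DVC: create key pair and CSR. Only the CSR is sent out; the key stays put.
make_csr() {            # $1 = directory, $2 = common name
    ( umask 077; openssl genrsa -out "$1/dvc.key" 2048 2>/dev/null )
    openssl req -new -key "$1/dvc.key" -subj "/CN=$2" -out "$1/dvc.csr"
}

# Constructed stand-in for whoever signs the CSR at the far end of the e-mail.
make_ca() {             # $1 = directory, $2 = common name
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/ca.key" \
        -subj "/CN=$2" -days 30 -out "$1/ca.crt" 2>/dev/null
}
sign_csr() {            # $1 = CA directory, $2 = CSR, $3 = certificate to write
    openssl x509 -req -in "$2" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -set_serial 1 -days 30 -out "$3" 2>/dev/null
}

# SHA-256 over the DER public key read from stdin (PEM).
pubkey_fp() { openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'; }

# E-mail gives no integrity guarantee, so check the returned certificate
# against the local private key and the expected signer before installing it.
check_returned_cert() { # $1 = local key, $2 = received cert, $3 = trusted CA cert
    key_fp=$(openssl pkey -in "$1" -pubout | pubkey_fp)
    crt_fp=$(openssl x509 -in "$2" -noout -pubkey | pubkey_fp)
    [ "$key_fp" = "$crt_fp" ] || { echo "public key mismatch"; return 1; }
    openssl verify -CAfile "$3" "$2" >/dev/null 2>&1 \
        || { echo "not signed by expected CA"; return 1; }
    echo "ok"
}

demo() {
    d=$(mktemp -d); mkdir "$d/ca"
    make_ca "$d/ca" "Constructed Test CA"
    make_csr "$d" "dvc-a.example.test"
    sign_csr "$d/ca" "$d/dvc.csr" "$d/dvc.crt"
    check_returned_cert "$d/dvc.key" "$d/dvc.crt" "$d/ca/ca.crt"
    rm -rf "$d"
}
demo
```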
The Operator key pairs are generated on the DVC system and
provided to the Operator in password-protected PKCS #12 files.
Policies are compiled for each partner and are stored in a local Policy
Database. These policies define:
DVC "A" provides to DVC "B" the list of services that "A" is willing to
make available to "B". DVC "B" provides similar information to DVC
"A".
The remote partner's offered services are compared and validated against
the locally configured "expected" services.