The BOINC software already has the ability to talk to the projects, via HTTPS. There is at least one project using it.
The issue for most projects is the cost of the certificates. These are volunteer projects, and are usually under funded. Plus there is a lot more server overhead with HTTPS.
I think a possibility to verify WUs and other downloaded files, or the connection is a great idea.
The bigger problem is, that the project-servers get hacked. When some bad guys create a working boinc malware-client, this could transform all the clients into a big botnet.
IMHO the security bottleneck are the project servers, since all the clienat softwar trusts them, regardless if HTTP or HTTPS.
The bigger problem is, that the project-servers get hacked.
Thats worst case.
Boinc hasn't a mechanism to verfify apss WUs with gpg o.a., so i think the most possible security at this time is https.
Not the encryption - the validation of the connection...
https
)
The BOINC software already has the ability to talk to the projects, via HTTPS. There is at least one project using it.
The issue for most projects is the cost of the certificates. These are volunteer projects, and are usually under funded. Plus there is a lot more server overhead with HTTPS.
Hi, RE: The issue
)
Hi,
100$/a. For a project like e@h no problem i think.
The overhead is not so much in relation to the sheduler aso.
Unencrypted communication is very dangerous for the clients...
CU
Martin
RE: I think a possibility
)
The bigger problem is, that the project-servers get hacked. When some bad guys create a working boinc malware-client, this could transform all the clients into a big botnet.
IMHO the security bottleneck are the project servers, since all the clienat softwar trusts them, regardless if HTTP or HTTPS.
Hi, RE: The bigger
)
Hi,
Thats worst case.
Boinc hasn't a mechanism to verfify apss WUs with gpg o.a., so i think the most possible security at this time is https.
Not the encryption - the validation of the connection...
CU
Martin