Tech Off Thread

3 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

SSLStream on Async Sockets

Back to Forum: Tech Off
  • User profile image
    Shark_M

    Hello guys,
       i am trying to implement the SSLStream class, into my Async socket.
    I am woundering does the SSLStream class, automatically Digitally sign all packets sent between clients and the server? does it also make sure that the data is not changed in transit , and that the sender is the one who sent it?
    or do i have to implement after setting up SSLStream, XML Digital Signitures and Licenses to make sure the packets are send by the specific sender, using randomal public key pair?

    i'd appreciate any help on this matter. thanks alot

  • User profile image
    Shark_M

    no one has some idea?

  • User profile image
    androidi

    There's few options afaik. The easy way is usually just enough to keep anyone doing casual packet/traffic monitoring out. If it's a consumer app, that's often what you'll have to be content with, though the new infocard system promises to bring some change to this. If it's a business app there's always the PKI and policies etc. Only the IT should be able to deal with expirations and changed certificates etc. If you rely the end user to find out whether the "Bank of America" really is the real "Bank of America" as it says there, it's not going to be secure.

    Disclaimer: I have *no* experience on these matters obviously so take that as if I don't know anything Smiley

    PS. You probably already noticed but even a tiniest error in the async code will in best case make nothing work and worst case make things work perfect until months later you find out about special case that doesn't work.. (sometimes) Doh!!!

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.