[Spread-users] changing topology, security, and firewalls

Clark C . Evans cce at clarkevans.com
Mon Apr 1 03:12:54 EST 2002

Hello.  I have yet to try spread, but I have a question
about topology changes.  When a new deamon is added to
the system is there any way to notify the other deamons
short of changing their configuration file and re-starting
them?  For instance, can I send a SIGINT and this would
tell the deamon to re-read its configuration file?

Secondly, I must say that I'm very interested in security 
approaches (esp ones with an open source license).   It 
seems that there are two concerns: (a) secure connections
between segments, and (b) security within a segment.  From
what I understand (a) would be a TCP layer connection, where
(b) is UDP packets.  I suppose the simplest way to cover this
sort of thing is to use OpenSSL at a layer just above spread
does this make sense?

Third, I was wondering if communication between segments 
could be implemented using asymmetric HTTP/HTTPS over port 80/443.  
This has the distinct advantage of allowing messages to jump 
over a firewall in small organizations where a system administrator
is hard to come by (or non-existant).  Yes, it is not the best
approach, but you'd be suprized how many small organizations
have a dumb firewall that only allows TCP port 80/443 outgoing
connections (no incoming connections of any type).  

Lastly, I'm kinda new to networking and am not familiar with
how private networks operate or how spread handles them.  Is
there any particular reading that would be helpful?  It would
also be helpful to have a handy reference of what ports and
such spread uses so that I can grok this better.  

Overall this looks _very_ neat and that Guido and Tim are over here
is also encouraging.  I'm looking to build a YAML message bus for 
my pet project, so I will probably be lurking.  YAML is a language
independent data serialization language (see yaml.org) similar to
XML, but without all of the blemishes.  How this gets developed 
such that security, firewalls, and dynamic servers changes seem to
be my only current question set.  Nice user manuals and Yair's 
home page / posted class material have been very very helpful to
understanding how this all works.



More information about the Spread-users mailing list