[Openvas-commits] r1600 - trunk/doc/website

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Wed Oct 22 11:28:08 CEST 2008


Author: felix
Date: 2008-10-22 11:28:08 +0200 (Wed, 22 Oct 2008)
New Revision: 1600

Modified:
   trunk/doc/website/openvas-cr-17.htm4
Log:
updated CR #17 with more details for design&implementation, reference.

Modified: trunk/doc/website/openvas-cr-17.htm4
===================================================================
--- trunk/doc/website/openvas-cr-17.htm4	2008-10-22 09:23:18 UTC (rev 1599)
+++ trunk/doc/website/openvas-cr-17.htm4	2008-10-22 09:28:08 UTC (rev 1600)
@@ -40,6 +40,8 @@
 <h3>References</h3>
 
 <p>
+  <a href="http://lists.wald.intevation.org/pipermail/openvas-devel/2008-October/000972.html">
+  Discussion on mailing list. </a>
 </p>
 
 <h3>Rationale</h3>
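Review bot: the added link text under References ends with ". " inside the anchor, so the period and the trailing space become part of the clickable text. Move the period outside the closing </a> and drop the space.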
@@ -82,7 +84,7 @@
   <pre>oid &lt;|&gt; name &lt;|&gt; category &lt;|&gt; copyright &lt;|&gt; description &lt;|&gt; summary &lt;|&gt; family &lt;|&gt; plugin_version &lt;|&gt; cve_id &lt;|&gt; bugtraq_id &lt;|&gt; xrefs</pre><br>
   After the change it would become:<pre>oid &lt;|&gt; name &lt;|&gt; category &lt;|&gt; copyright &lt;|&gt; description &lt;|&gt; summary &lt;|&gt; family &lt;|&gt; plugin_version &lt;|&gt; cve_id &lt;|&gt; bugtraq_id &lt;|&gt; xrefs &lt;|&gt; nvt_sigs</pre><br>
   "nvt_sigs" will be a list of the IDs of the keys used to sign this NVTs
-  separated by commas (e.g. 0x12345678,0xABCDABCD,0x9ABCDEF0).
+  separated by commas (e.g. 12345678,ABCDABCD,9ABCDEF0).
 </p>
 
 <p>
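Review bot: the new "nvt_sigs" example (12345678,ABCDABCD,9ABCDEF0) drops the 0x prefix, but the text still does not define what a key ID looks like: its length, its case, and whether a prefixed form is still accepted by a parser. The IDs shown are 8 hex digits and the client is expected to map them to trust, so state the format explicitly and consider long key IDs or full fingerprints, since 8-digit IDs are not unique enough to carry a trust decision. In the context line above, "this NVTs" should read "this NVT".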
@@ -94,9 +96,9 @@
   <pre>CLIENT &lt;|&gt; CERTIFICATES &lt;|&gt; CLIENT</pre><br>
   Server:<br>
   <pre>SERVER &lt;|&gt; CERTIFICATES<br>
-[certificate_data] &lt;|&gt; [1 = trusted/0 = not trusted]<br>
-[certificate_data] &lt;|&gt; [1 = trusted/0 = not trusted]<br>
-[certificate_data] &lt;|&gt; [1 = trusted/0 = not trusted]<br>
+[certificate_data] &lt;|&gt; [trusted/untrusted]<br>
+[certificate_data] &lt;|&gt; [trusted/untrusted]<br>
+[certificate_data] &lt;|&gt; [trusted/untrusted]<br>
 &lt;|&gt; SERVER</pre><br>
   The format of the [certificate_data] field has yet to be decided. It will be
   the responsibility of the client to use this field to get the date it needs
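Review bot: in the server CERTIFICATES reply, "[trusted/untrusted]" does not say whether those literal words are what goes on the wire, and the bracket notation that previously described a value (1 or 0) now reads like the value itself. Spell out the exact tokens and say what a client does with anything else; treating an unrecognised value as untrusted is the safe default. In the trailing context, "get the date it needs" looks like a typo for "data".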
@@ -104,14 +106,60 @@
 </p>
 
 <p>
-  A good place to display information regarding the NVT signature would be the
-  information dialog for the individual NVT located in nessus/plugin_infos.c in
-  the client.
+  An initial inspection gave following ideas about changes that could have to 
+  be done.
 </p>
 
+<h4> Changes in openvas-client </h4>
+
+<ul>
+<li> A new field (simple string as transmitted - see above) in the plugin struct
+  and access methods for it are to be added in nessus/plugin.c.
+<li> General protocol changes are to be reflected in the clients "Communication 
+  Manager" nessus/comm.c </li>
+<li> Key-IDs will be included in the client-side cache (nessus/plugin_cache.c).
+  </li>
+<li> Key-IDs of NVT signatures can be displayed in the information dialog for
+  the individual NVTs located in nessus/plugin_infos.c.</li>
+<li> Where and how to use the certificate_data (see above) has to be evaluated.
+  <ul>
+  <li> The contexts could keep a map (keyid|trust) to allow identification of 
+    (un)trusted keys.
+    </li>
+  </ul>
+  </li>
+<li> Understanding the certificates and extracting the keys probably adds a
+  dependency (gpgme) to openvas-client. </li>
+</ul>
+
+
+<h4> Changes in openvas-libraries </h4>
+
+<ul>
+<li> Unfortunately, duplicate of changes made to the plugin struct in the 
+  client. Duplicate can just be resolved through merge and dependency 
+  openvas-client -> openvas-libraries. Point of change will be in plugutils.h/c .
+</li>
+<li> Extraction of key-ids using gpgme. </li>
+</ul>
+
+
+<h4> Changes in openvas-server </h4>
+<ul>
+<li> General protocol changes are to be reflected in the servers "Communication 
+  Manager" openvasd/comm.c and handling the elements in /openvasd/otp_1_0.h/c.
+  </li>
+<li> The new field in the plugin struct should be filled in nessus/pluginload.c.
+  </li>
+<li> Key-IDs should be included in the server-sides plugin-cache, too.
+  </li>
+</ul>
+
 <h3>History</h3>
 
 <ul>
+<li> 2008-10-22 Felix Wolfsteller &lt;felix.wolfsteller at intevation.de&gt;:<br>
+     Updated design and implementation part</li>
 <li> 2008-10-16 Michael Wiegand &lt;michael.wiegand at intevation.de&gt;:<br>
      Updated protocol specification.</li>
 <li> 2008-10-13 Michael Wiegand &lt;michael.wiegand at intevation.de&gt;:<br>
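Review bot: in the openvas-server list, "The new field in the plugin struct should be filled in nessus/pluginload.c" names a nessus/ path while the item above it uses openvasd/, and "/openvasd/otp_1_0.h/c" carries a leading slash the other paths lack; please confirm the intended files. The first <li> of the openvas-client list ("A new field ...") is never closed, unlike its siblings. The list also puts the (keyid|trust) map in the client and gpgme key-id extraction in both client and libraries without saying which component's result decides trust; one sentence on that would remove the ambiguity.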


