[sane-standard] sane standard proposals (3) "data security"

Johannes Berg johannes@sipsolutions.net
Mon, 11 Oct 2004 02:41:05 +0200


3. Transport Layer Security

As documents that are scanned could be confidential, I propose that it
should (optionally) be possible to encrypt the network protocol. Instead
of reserving a new port and making connections over that port encrypted
by default, a new verb SANE_START_TLS could be added, similar to the
STARTTLS command in POP3.

After the server responds with SANE_STATUS_SUCCESS to the SANE_START_TLS
verb, TLS/SSL negotiation occurs and everything after that point is sent
encrypted until the connection ends.

off-topic note: It should also be possible to configure a server to only
accept logins after encryption has been negotiated.

johannes
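
The server-side state handling this proposal implies, as an added example (not part of the original message and not SANE code): the verb, status and state names are hypothetical stand-ins for the proposed SANE_START_TLS flow, and the TLS handshake itself is assumed to be performed by a TLS library that reports its result to the hypothetical handshake_done(). It covers the optional upgrade, the "logins only after encryption" policy, and two cases the proposal leaves open: plaintext pipelined behind the upgrade verb, and a failed handshake.

```c
#include <stddef.h>
#include <stdio.h>
/* Hypothetical names for this example; they are not SANE identifiers. */
enum verb   { V_INIT, V_START_TLS, V_AUTHORIZE };
enum status { ST_SUCCESS, ST_INVAL, ST_ACCESS_DENIED };
enum chan   { CH_PLAIN, CH_HANDSHAKE, CH_TLS, CH_CLOSED };
struct session {
    int       require_tls;  /* policy: logins only after encryption */
    enum chan state;
    size_t    pending;      /* bytes received but not yet parsed */
};

/* Reply to one verb; the V_START_TLS reply still goes out in plaintext. */
enum status handle_verb(struct session *s, enum verb v)
{
    if (s->state == CH_HANDSHAKE || s->state == CH_CLOSED)
        return ST_INVAL;              /* no verbs mid-handshake or after failure */
    switch (v) {
    case V_START_TLS:
        if (s->state == CH_TLS)
            return ST_INVAL;          /* already encrypted, no nested upgrade */
        s->pending = 0;               /* drop plaintext pipelined behind the verb */
        s->state = CH_HANDSHAKE;
        return ST_SUCCESS;
    case V_AUTHORIZE:
        if (s->require_tls && s->state != CH_TLS)
            return ST_ACCESS_DENIED;  /* credentials never cross plaintext */
        return ST_SUCCESS;            /* gate passed; credential check follows */
    case V_INIT:
        return ST_SUCCESS;
    }
    return ST_INVAL;
}

/* Handshake result from the TLS library; failure closes, never falls back. */
void handshake_done(struct session *s, int ok)
{
    s->state = ok ? CH_TLS : CH_CLOSED;
}

int main(void)
{
    struct session s = { 1, CH_PLAIN, 16 };  /* constructed: 16 pipelined bytes */
    int before = handle_verb(&s, V_AUTHORIZE);
    int upgrade = handle_verb(&s, V_START_TLS);
    handshake_done(&s, 1);
    printf("%d %d %d\n", before, upgrade, (int)handle_verb(&s, V_AUTHORIZE));
    return 0;
}
```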
