projects
/
wiki
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
b6ab526
)
Italics don't work in verbatim text.
author
Guus Sliepen
<guus@tinc-vpn.org>
Tue, 12 Jan 2010 13:48:50 +0000
(14:48 +0100)
committer
Guus Sliepen
<guus@tinc-vpn.org>
Tue, 12 Jan 2010 13:48:50 +0000
(14:48 +0100)
goals.mdwn
patch
|
blob
|
history
diff --git
a/goals.mdwn
b/goals.mdwn
index
8a0eebb
..
19f02f5
100644
(file)
--- a/
goals.mdwn
+++ b/
goals.mdwn
@@
-146,14
+146,14
@@
PGP, where peers can sign each other, and if there are enough
signatures, they can allow communication. Trust management should
be simple, for example using a command like
signatures, they can allow communication. Trust management should
be simple, for example using a command like
- tinc trust
*foo*
+ tinc trust
foo
which should let the local tinc
daemon trust information from the peer named *foo*. To authorise
the use of addresses on the VPN, a command like the following could
be used:
which should let the local tinc
daemon trust information from the peer named *foo*. To authorise
the use of addresses on the VPN, a command like the following could
be used:
- tinc allow
*bar*
192.168.3.0/24
+ tinc allow
bar
192.168.3.0/24
This should generate a small certificate that proves that the node that
issued this command trusts node *bar* with the 192.168.3.0/24 range
This should generate a small certificate that proves that the node that
issued this command trusts node *bar* with the 192.168.3.0/24 range
@@
-162,11
+162,11
@@
tinc daemon's configuration, but also spread immediately amongst
the other peers in the VPN. It is also important to allow trust and
authorisation to be revoked in the same way:
the other peers in the VPN. It is also important to allow trust and
authorisation to be revoked in the same way:
- tinc distrust
*foo*
+ tinc distrust
foo
This should make the local tinc daemon stop trusting any information from *foo*.
This should make the local tinc daemon stop trusting any information from *foo*.
- tinc deny
*bar*
+ tinc deny
bar
This should generate a certificate (with a newer timestamp than the previous one) denying
*bar* any access, and spread this amongst the other peers as well.
This should generate a certificate (with a newer timestamp than the previous one) denying
*bar* any access, and spread this amongst the other peers as well.