NNPS / TCP port 433
Grant Taylor
gtaylor at tnetconsulting.net
Sun Dec 12 07:10:30 UTC 2021
On 12/12/21 12:02 AM, Grant Taylor wrote:
> I /want/ to use SRV records. But I find them largely useless for things
> that don't explicitly support them.

As I clicked send, I started to wonder if there might be a way to abuse
/ overload SOCKS or HTTP(S) CONNECT proxies such that you ask them to
connect to a _service._protocol.FQDN and they automagically perform the
SRV resolution /and/ *connection* (proxying) for the proxy client.

Then I realized that there is a fundamental disconnect between the
application layer protocol that clients are expecting. E.g. unencrypted
and encrypted.

Maybe it would be possible to extend the proxy to incorporate something
akin to stunnel / OpenSSL's s_client to do conversion between
unencrypted NN{S,T}P and encrypted NN{S,T}PS. But that's out the
northbound side between the proxy and the SRV target(s). I suppose the
southbound side between the client and the proxy would have its own
independent encryption (or not).

Like I said, I /really/ /do/ want to use SRV records. But ... they just
aren't conducive to use by things that don't understand them.

I'd love to have _ssh._tcp.<FQDN> plugged into OpenSSH's ProxyCommand.
But ... alas ....

--
Grant. . . .
unix || die
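
The message above wishes for SRV resolution wired into OpenSSH's ProxyCommand. The sketch below is an added example, not part of the original post and not code from INN or OpenSSH: a hypothetical helper (the names srv-connect, srv_candidates and srv_connect are made up here) that assumes dig and nc are installed, orders records by priority and then by highest weight (a deterministic simplification of RFC 2782's weighted random choice), and treats the DNS answer as untrusted input.

```shell
#!/bin/sh
# srv-connect: added example, hypothetical helper for an ssh ProxyCommand.
# Usage (assumed): ssh -o ProxyCommand='srv-connect _ssh._tcp.%h' host.example.net

# Read `dig +short SRV` lines ("priority weight port target.") on stdin and
# print "target port" candidates, best first. The answer comes from DNS, so
# every field is validated: numeric priority/weight, port in 1..65535, and a
# target made only of hostname characters that cannot start with "-"
# (which nc would otherwise parse as an option). A target of "." means
# "service not offered" (RFC 2782) and is dropped as well.
srv_candidates() {
    awk 'NF == 4 &&
         $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ &&
         $3 >= 1 && $3 <= 65535 &&
         $4 != "." &&
         $4 ~ /^[A-Za-z0-9_]([A-Za-z0-9_.-]*[A-Za-z0-9_])?\.?$/ {
             sub(/\.$/, "", $4)          # strip the trailing root dot
             print $1, $2, $4, $3
         }' |
    sort -k1,1n -k2,2nr |                # lowest priority, then highest weight
    awk '{ print $3, $4 }'
}

# Resolve the SRV name and relay stdin/stdout to the best candidate.
# Only the first candidate is tried; there is no failover in this sketch.
srv_connect() {
    # Word splitting is intended: the validated output is "host port".
    set -- $(dig +short SRV "$1" | srv_candidates | head -n 1)
    if [ $# -ne 2 ]; then
        echo "srv-connect: no usable SRV record" >&2
        return 1
    fi
    exec nc "$1" "$2"
}

# Run only when invoked with an SRV name, e.g. _ssh._tcp.host.example.net
if [ $# -gt 0 ]; then
    srv_connect "$1"
fi
```

Without DNSSEC the SRV answer is unauthenticated, so the helper decides only where the TCP connection goes; ssh still checks the server's host key against the name given on the command line.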
More information about the inn-workers
mailing list