path: root/Architecture_and_Design/de-DE/Enforcing_Entitlements.po
blob: aaf1cb1fd4d3f2ac458c48c3090d1ad7bd1985fa (plain)
# AUTHOR <EMAIL@ADDRESS>, YEAR.
# 
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Kolab Groupware Solution\n"
"Report-Msgid-Bugs-To: https://isues.kolab.org/\n"
"POT-Creation-Date: 2012-11-20T12:52:22\n"
"PO-Revision-Date: 2012-08-13 12:53+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: German (http://www.transifex.com/projects/p/kolab/language/de/)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: de\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"

#. Tag: title
#, no-c-format
msgid "Enforcing Entitlements"
msgstr ""

#. Tag: para
#, no-c-format
msgid ""
"Kolab Groupware is distributed in two different product streams. The "
"community edition is the edition that is supported by the community only, "
"and the enterprise edition, that prior to release has been subject to the "
"necessary Quality Assurance, and is supported by Kolab Systems, for a longer"
" term more appropriate for most businesses, to an extent dependent on the "
"type of Service Level Agreement purchased."
msgstr ""

#. Tag: para
#, no-c-format
msgid ""
"Both product streams however are Free Software entirely. The enterprise "
"edition however has restrictions, and is supported only for such and so many"
" users, systems, domains, mailboxes, groups, and other groupware "
"functionality, again depending on the type of Service Level Agreement that "
"has been purchased."
msgstr ""

#. Tag: para
#, no-c-format
msgid ""
"This chapter explains how Kolab Systems enforces entitlements using the "
"enterprise version of its software."
msgstr ""

#. Tag: para
#, no-c-format
msgid ""
"It is commonly understood that for Free Software to be released in a fashion"
" that allows the enforcing of entitlements, a version must be released that "
"either;"
msgstr ""

#. Tag: para
#, no-c-format
msgid ""
"Itself contains information that allows the program to verify entitlements "
"given a license file. Such program would need to be binary compiled, "
"randomized, and contain a key to unlock the lock on the license file. More "
"importantly, however, the program would need to be proprietary (the "
"<emphasis>Zarafa</emphasis> mechanism)."
msgstr ""

#. Tag: para
#, no-c-format
msgid ""
"Phone home, to verify its current status is within the boundaries configured"
" for it, against a piece of infrastructure controlled by the vendor (the "
"<emphasis>Red Hat Network</emphasis> mechanism)."
msgstr ""

#. Tag: para
#, no-c-format
msgid ""
"At Kolab Systems, we don't like either of these options. We have come up "
"with a solution that allows the software to remain Free Software, without "
"requiring systems that have Kolab installed to need to phone home."
msgstr ""

#. Tag: title
#, no-c-format
msgid "Software Repositories Behind Lock and Key"
msgstr ""

#. Tag: para
#, no-c-format
msgid ""
"First, we create software repositories in a location that requires the "
"consumer to have been issued a key to the lock. We do this through an SSL "
"certificate infrastructure, for which each consumer that we provide access "
"to the repositories is issued with an SSL Client Certificate."
msgstr ""

#. Tag: para
#, no-c-format
msgid ""
"This guarantees us anyone with access to the software repositories (for "
"installation, but for updates as well) is a known customer, and has been "
"issued a certificate with an expiry date, that we can revoke."
msgstr ""

#. Tag: title
#, no-c-format
msgid "Entitlements Files"
msgstr ""

#. Tag: para
#, no-c-format
msgid ""
"Example entitlements could be, the number of users or groups supported "
"within a Kolab Groupware environment. The information for all of a "
"customer's support entitlement purchases is contained within an entitlements"
" file, which can be supplemented with more entitlements files so that the "
"entitlements can be added up and thus easily extended."
msgstr ""

#. Tag: title
#, no-c-format
msgid "Issuing Entitlement Files"
msgstr ""

#. Tag: para
#, no-c-format
msgid ""
"Knowing each of the customer systems contains a Certificate Authority file, "
"and an SSL Client Certificate, as otherwise the system would not have access"
" to the software repositories for important updates, we can use these "
"existing components to sign and encrypt an entitlement file specific to the "
"customer."
msgstr ""

#. Tag: para
#, no-c-format
msgid ""
"First, we sign the entitlement file using a Certificate Authority "
"certificate, the same one used to issue and sign the SSL Client Certificate."
msgstr ""

#. Tag: para
#, no-c-format
msgid ""
"Second, we encrypt the entitlement file using the SSL Client certificate we "
"have issued to the customer."
msgstr ""

#. Tag: para
#, no-c-format
msgid ""
"This guarantees that the only those can read the contents of the "
"entitlements file, that have obtained the SSL Client Certificate, for which "
"we can verify the signature on the entitlements file."
msgstr ""

#. Tag: title
#, no-c-format
msgid "Implementing Enforcement"
msgstr ""

#. Tag: para
#, no-c-format
msgid ""
"The entire infrastructure can be replicated, by anyone, if all the "
"information the system would have is a Certificate Authority, an SSL Client "
"Certificate, and a signed and encrypted entitlements file. It may be "
"relatively hard to reverse engineer the exact contents of the entitlements "
"file, and update the binary compiled code to accept a new set of "
"certificates, but it is certainly possible to achieve."
msgstr ""

#. Tag: para
#, no-c-format
msgid ""
"Therefor, the components that can enforce the entitlements (for example, the"
" Kolab Daemon) can contain information about the certificates used in the "
"SSL infrastructure. Not to function as a key to a lock, however, but to "
"verify the other information available checks out against what it expects."
msgstr ""

#. Tag: para
#, no-c-format
msgid ""
"It is safe for software to contain such information, as it is not leaking "
"any information that is not already known to the outside world. However the "
"trick is to not allow this information to be altered or tampered with. More "
"to the point, the trick is to not allow this information to be altered or "
"tampered with in a way that can not be detected."
msgstr ""

#. Tag: para
#, no-c-format
msgid ""
"Our enterprise edition therefor ships a binary compiled version of the "
"software that contains this information, so that checksums can be verified "
"upon every support request, and to make it harder to both alter the codebase"
" as well as maintain a patch-set."
msgstr ""

#. Tag: para
#, no-c-format
msgid ""
"Of course, it is relatively easy to write down any checksums for files right"
" after installation, and run one's own version. However, running one's own "
"version is still detectable through backtraces, and stack traces. If these "
"are reproduced using an original version of the code, then the support issue"
" is legitimate even if the day-to-day code running the environment is not "
"the same."
msgstr ""