<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7652.24">
<TITLE>Bidir GIOP and SSL</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->
<BR>
<P><FONT SIZE=2 FACE="Arial">Hello experts :),</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">I've got a question about the coexistence of the Bidirectional GIOP and the SSL protocol on TAO 1.4.10.</FONT>
<BR><FONT SIZE=2 FACE="Arial">This answer is very crucial for our system design.</FONT>
<BR><FONT SIZE=2 FACE="Arial">I hope you can help me with that.</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">Scenario:</FONT>
<BR><FONT SIZE=2 FACE="Arial">########</FONT>
<BR><FONT SIZE=2 FACE="Arial">Let's assume, we have a management system A and a target system B (running TAO 1.4.10 with SSLIOP) </FONT>
<BR><FONT SIZE=2 FACE="Arial">Both systems use bidir. GIOP and SSL.</FONT>
<BR><FONT SIZE=2 FACE="Arial">Certificates are ONLY stored on target system B, system A does NOT store any certificates.</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">Management system A starts a Corba server (callback server) and target system B starts another Corba server (request server).</FONT></P>
<P><FONT SIZE=2 FACE="Arial">Now the management system A starts a client and initiates an SSL connection.</FONT>
<BR><FONT SIZE=2 FACE="Arial">After the successful handshake (with server authentication) it sends a request to the target system B (request server).</FONT>
<BR><FONT SIZE=2 FACE="Arial">In this message it sends the IOR of its own callback server.</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">After that the target system B sends a message to the callback server.</FONT>
</P>
<BR>
<P><FONT SIZE=2 FACE="Arial">Questions:</FONT>
<BR><FONT SIZE=2 FACE="Arial">#########</FONT>
<BR><FONT SIZE=2 FACE="Arial">Does the TAO on target system B REUSE the TCP/SSL connection, that is already build between A and B?</FONT>
<BR><FONT SIZE=2 FACE="Arial">In other words: Is it possible to have only ONE SINGLE TCP/SSL connection between A and B?</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">Or do we need two separate connections, one for each direction?</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">And - is it possible to survive with certificates stored ONLY one the target system B?</FONT>
<BR><FONT SIZE=2 FACE="Arial">Or does the management system A also need certificates?</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">Thank you for answering and</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">Best Regards,</FONT>
<BR><FONT SIZE=2 FACE="Arial"> Jörg Rockel</FONT>
</P>
<P ALIGN=CENTER><B><SPAN LANG="de"><FONT FACE="Times New Roman">_</FONT><FONT SIZE=2 FACE="Times New Roman">______________________________________</FONT></SPAN></B><SPAN LANG="de"></SPAN></P>
<P ALIGN=CENTER><SPAN LANG="de"></SPAN><A HREF="http://www.nokiasiemensnetworks.com/"><SPAN LANG="de"><U><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">www.nokiasiemensnetworks.com</FONT></U></SPAN></A><SPAN LANG="de"><BR>
<FONT SIZE=2 FACE="Arial">Nokia GmbH, Nokia Networks<BR>
Heltorfer Str.1<BR>
D-40472 Düsseldorf Germany<BR>
</FONT></SPAN></P>
<P ALIGN=CENTER><SPAN LANG="de"><B><FONT SIZE=2 FACE="Arial">Jörg Rockel<BR>
</FONT></B><FONT SIZE=2 FACE="Arial">Senior Software Design Engineer</FONT></SPAN></P>
<UL>
<P ALIGN=CENTER><SPAN LANG="en-us"><FONT COLOR="#000000" SIZE=2 FACE="Arial">Research & Development</FONT></SPAN></P>
</UL>
<P ALIGN=CENTER><SPAN LANG="de"><U><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">Jörg Rockel</FONT></U></SPAN><A HREF="mailto:joerg.rockel@nsn.com"><SPAN LANG="de"><U><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">@nsn.com</FONT></U></SPAN></A><SPAN LANG="de"><U><BR>
</U><FONT SIZE=2 FACE="Arial">Mobile +49 (0)151 5515 3554<BR>
Fax +49 (0) 211 9412 3383<BR>
</FONT><FONT SIZE=2 FACE="Times New Roman">_______________________________________ </FONT></SPAN></P>
<P ALIGN=CENTER><SPAN LANG="de"><FONT FACE="Times New Roman">The networks business area operates on behalf of Nokia Siemens Networks.<BR>
</FONT></SPAN></P>
<P ALIGN=CENTER><SPAN LANG="de"><I><FONT FACE="Times New Roman">This message is confidential. If you have received this message in error, please delete it from your system. You should not copy it for any purpose, or disclose its contents to any other person. Internet communications are not secure and therefore Nokia GmbH does not accept legal responsibility for the contents of this message as it has been transmitted over a public network. Thank you.</FONT></I></SPAN></P>
<P ALIGN=CENTER><SPAN LANG="de"><I><FONT FACE="Times New Roman">Nokia GmbH, Nokia Networks is a German Company. Further information about the Company is available from its principal offices at Heltorferstrasse 1, D-40472, Düsseldorf, Germany and from the website at </FONT></I></SPAN><A HREF="http://www.nokia.com/"><SPAN LANG="de"><I></I><I><U><FONT COLOR="#0000FF" FACE="Times New Roman">http://www.nokia.com</FONT></U></I><I></I></SPAN></A><SPAN LANG="de"><I><BR>
<FONT FACE="Times New Roman">Sitz der Nokia GmbH: Bochum Amtsgericht Bochum: HRB 4112; Umsatzsteueridentifikationsnummer DE 811163 495; WEEE-Reg.-Nr. DE 51797011;<BR>
Vorsitzender des Aufischtsrates Veli Sundbäck; Geschäftsführer Timo Elonen, Razvan Olosu (Sprecher), Klaus Goll, Dr. Ulrich Halka. Karsten Schilly</FONT></I> </SPAN></P>
<BR>
<BR>
<BR>
</BODY>
</HTML>