In message <[EMAIL PROTECTED]> on Mon, 10 Oct 2005 12:32:54 -0700, Nathaniel Smith <[EMAIL PROTECTED]> said:
njs> On Mon, Oct 10, 2005 at 06:45:12PM +0200, Michael Neumann wrote:
njs> > How hard would it be to implement transport encryption for Monotone?
njs>
njs> I don't have any particular plans to implement it myself, and
njs> writing my own crypto protocol makes me Very Very Nervous.  And
njs> SSL and SSH libraries seem to be uniformly horrid.

I dunno any SSH library (yeah, I know there's an sshlib or libssh out there, I just haven't looked at it), so I can't speak about them.  If you're talking about OpenSSL, I agree that the API could be quite a bit better.

njs> As far as I can tell, for instance, it is simply not possible to
njs> write async SSL code using freely available docs.

Untrue, at least with OpenSSL.  Simply set the underlying file descriptors to non-blocking and you're set.

njs> (Plus we have slightly funky requirements, like having our own
njs> keys that we want to use.)

Yeah, that's a different question...

njs> On the other hand, it's been pointed out that we actually do all
njs> the hard parts (secure authentication and integrity checking) of
njs> secure channel encryption, and we could just throw something like
njs> AES+CTR on top and go with it.

I'd throw in a bit of handshaking so client and server can agree on an algorithm.

njs> (This would still leave out some parts whose importance is not
njs> obvious to me, like periodic re-keying.)

Considering the length of the sessions held by monotone, I'd say re-keying is an utter waste of time.  It *is* valuable for longer time communication, like stelnet, for example.

Cheers,
Richard

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

--
Richard Levitte                         [EMAIL PROTECTED]
                                        http://richard.levitte.org/

"When I became a man I put away childish things, including
 the fear of childishness and the desire to be very grown up."
                                                -- C.S. Lewis

_______________________________________________
Monotone-devel mailing list
[email protected]
http://lists.nongnu.org/mailman/listinfo/monotone-devel
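The "bit of handshaking so client and server can agree on an algorithm" that Richard suggests has one detail worth getting right: if the cipher negotiation itself is not covered by the authentication the thread says Monotone already performs, an active attacker can edit the client's offer in transit and quietly force the weakest common suite. The sketch below is an added example (not Monotone code and not from anyone in this thread) of a negotiation that binds both sides' view of the offer to the already-established session key with an HMAC, so a modified offer is detected. The session key, the suite names and the message framing are all constructed assumptions for the example.

```python
"""Cipher-suite negotiation on top of an already-authenticated channel.

Added example, not Monotone's protocol.  Assumes both ends already share
SESSION_KEY from the existing authentication step; suite names and the
on-the-wire framing are illustrative only.
"""
import hashlib
import hmac

# Constructed demo key; in practice this comes from the authenticated handshake.
SESSION_KEY = hashlib.sha256(b"constructed demo session key").digest()

# Preference-ordered lists.  Illustrative names, not a registry.
CLIENT_OFFER = ["aes-128-ctr", "aes-256-ctr"]
SERVER_PREFS = ["aes-256-ctr", "aes-128-ctr"]


def choose_suite(server_prefs, client_offer):
    """Server picks the first of its own preferences that the client offered."""
    offered = set(client_offer)
    for suite in server_prefs:
        if suite in offered:
            return suite
    raise ValueError("no common cipher suite")


def transcript_tag(session_key, client_offer, server_choice):
    """MAC over the offer as seen by this side plus the server's choice.

    Because the tag is keyed with the session key, only the two authenticated
    endpoints can produce it, and it only verifies if both saw the same offer.
    """
    transcript = ",".join(client_offer).encode() + b"|" + server_choice.encode()
    return hmac.new(session_key, transcript, hashlib.sha256).digest()


def run_negotiation(session_key, client_offer, server_prefs, tamper=None):
    """Simulate one negotiation round trip.

    `tamper`, if given, rewrites the client's offer between the two ends; it
    models a man-in-the-middle so the detection path can be exercised.
    Returns the agreed suite, or None if the client rejects the handshake.
    """
    offer_on_wire = tamper(client_offer) if tamper else list(client_offer)

    # --- server side: sees only what arrived on the wire ---
    choice = choose_suite(server_prefs, offer_on_wire)
    tag = transcript_tag(session_key, offer_on_wire, choice)

    # --- client side: recomputes the tag over the offer it actually sent ---
    expected = transcript_tag(session_key, client_offer, choice)
    if not hmac.compare_digest(tag, expected):
        return None  # offer was altered in transit; abort before sending data
    return choice


def strip_strongest(offer):
    """Tamper function: removes aes-256-ctr so only the weaker suite remains."""
    return [s for s in offer if s != "aes-256-ctr"]


if __name__ == "__main__":
    print("honest run   ->", run_negotiation(SESSION_KEY, CLIENT_OFFER, SERVER_PREFS))
    print("tampered run ->", run_negotiation(SESSION_KEY, CLIENT_OFFER, SERVER_PREFS,
                                             tamper=strip_strongest))
```

Note that without the transcript tag, `choose_suite` alone would happily return "aes-128-ctr" for the stripped offer and neither side would notice; the tag is what turns a silent downgrade into a rejected handshake. The same transcript could be extended to cover version numbers or any other parameter the two ends negotiate.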
