[DGD] DGD network io, SSL encryption and unix sockets

Felix A. Croes felix at dworkin.nl
Sun Feb 6 13:49:35 CET 2000


Brett McCormick <brett at mail.flyingcroc.net> wrote:

> To follow up on this, it doesn't look like it would be that hard to
> add SSL and unix domain socket capabilities through
> host/unix/connect.c.  The only problem I see is getting the applicable
> configuration parameters from the conf_init() function to the
> conn_init() function.

In spite of my claim not to know the Right Way, some comments:

I would suggest adding a kernel function to turn an existing connection
into an encrypted connection, rather than a secure connection on a
different port.

SSL is not very secure anymore.  If you want to base your implementation
on an existing standard, I suggest starting with the SSH protocol.


> Perhaps configuration variables could be included in conf[] much in
> the same way that function definitions are included into kfun/table.c.
> Additionally the various "local connect parameters" could be passed
> not as individual arguments from conf_init()->comm_init()->conn_init()
> but in some sort of structure to allow for various parameters of
> different types.

The communications module is indeed harder to modify than I originally
intended.  Part of the reason for this is that I thought internet
connectivity as provided by DGD was all that anyone would ever want --
I was wrong, of course.  But I would not add something like Unix domain
sockets to vanilla DGD, since it would work only on Unix.

I intend to fundamentally rewrite connections handling, both at the
top layer and bottom layers, sometime in the next 6 months, making it
easier to extend in the process.

Regards,
Dworkin
