[DGD] DGD network io, SSL encryption and unix sockets

Brett McCormick brett at mail.flyingcroc.net
Sun Feb 6 20:15:38 CET 2000


On Sunday, 6 February 2000, at 13:49:35, Felix A. Croes wrote:

> In spite of my claim not to know the Right Way, some comments:
> 
> I would suggest adding a kernel function to turn an existing connection
> into an encrypted connection, rather than a secure connection on a
> different port.

This is problematic..  Unless there is some "magic string" sent to the
client or server to initiate the handshake, which doesn't exactly turn
me on.

> 
> SSL is not very secure anymore.  If you want to base your implementation
> on an existing standard, I suggest starting with the SSH protocol.

SSL is just as secure as SSH, since they both use RSA public key
cryptography.  I'm not an expert though, so you could very well be
right, but last I heard, SSL wasn't going anywhere.

> I intend to fundamentally rewrite connections handling, both at the
> top layer and bottom layers, sometime in the next 6 months, making it
> easier to extend in the process.

I'll probably wait then, since there are plenty of other interesting
things to do in the meantime.

Thanks,

--brett
