[DGD] DGD network io, SSL encryption and unix sockets

Brett McCormick brett at mail.flyingcroc.net
Mon Feb 7 00:37:42 CET 2000


On Monday, 7 February 2000, at 00:15:44, Felix A. Croes wrote:

> Not a "magic string", but a negotiation.  "Shall we make this connection
> secure?"  "Yes, let's."

Perhaps there could be the option of sending encrypted data back and
forth over an unencrypted connection, but a true SSL connection would
be run on a different port. The connect negotiation (along with
certificate verification) is costly, and the SSL connections would be
a different class of connection with different sorts of
authentication.  I would like to avoid any custom negotiation for
this: either you connect through regular telnet or you connect through
SSL telnet, no special client software needed.

> Doing this with a kfun would allow turning encryption on or off for an
> existing connection.

I would like to have this functionality; I'll have to think about how
to do it.

> I was under the impression that SSL used 512 bit RSA keys, but it turns
> out that I was wrong.  The size of the key is variable in the protocol,
> and it was the USA crypto export restriction that limited it to 512 bits.
> This may be different now, but I am not sure exactly what changed in
> the export rules recently.

Yeah, it pretty much depends on key size.  SSL also has nice free
libraries; I'm not sure what I'd have to do to use SSH, even though it
would be cool.

--brett
