[MUD-Dev] SSL vs. SASL (was: UDP Revisted)
Bruce Mitchener
bruce at puremagic.com
Tue Oct 16 12:06:27 CEST 2001
amanda at alfar.com wrote:
> For example, let's say you want to use SSL for connection setup
> and "lobby" stuff, so that you don't have to reinvent that wheel
> (and once you have an established SSL connection, can exchange a
> key for encrypting game data). This way you can offload the SSL
> processing to a hardware SSL accelerator without investing a lot
> of time and energy into that aspect of the problem. For this,
> TCP's the way to go--reinventing SSL over UDP would not bring you
> any benefit.
Have you looked at SASL?
From http://asg.web.cmu.edu/sasl/:
SASL is the Simple Authentication and Security Layer, a method
for adding authentication support to connection-based
protocols. To use SASL, a protocol includes a command for
identifying and authenticating a user to a server and for
optionally negotiating protection of subsequent protocol
interactions. If its use is negotiated, a security layer is
inserted between the protocol and the connection.
I'm not sure if it would map well onto a UDP-based protocol (it
would depend on the semantics of that protocol), but it might be
something better suited than trying to reinvent SSL-over-UDP.
SASL is an IETF standard and is being used in some other protocols
to provide authentication facilities (like the BEEP protocol).
- Bruce
_______________________________________________
MUD-Dev mailing list
MUD-Dev at kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev
More information about the mud-dev-archive
mailing list