[Monotone-devel] Re: Transport encryption

From: Bruce Stephens
Subject: [Monotone-devel] Re: Transport encryption
Date: Thu, 13 Oct 2005 15:53:44 +0100
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux)

Richard Levitte - VMS Whacker <address@hidden> writes:


> Not having played with the anonymous cipher suites at all, I'm really
> walking on thin ice when talking about it.  I was under the impression
> that all the anonymous cipher suites used EDH (Ephemeral DH?), so
> using that would also require a bit more of monotone than you might
> think...

I've never used them, either.  I assumed one just selected one, and
the library would do its stuff.  Maybe the handshake takes longer, but
presumably after that it's just using a symmetric cipher.  So what
does monotone need to provide?  DH parameters, I guess, but those
could be built in.  I don't know, though, maybe there are security
considerations in every user of monotone using the same parameters.

I suppose monotone could construct a self-signed X.509 certificate out
of its server key, and use that (as a client, it wouldn't need to do
any verification at the TLS level, so the coding would just be about
constructing the certificate).  

An easy way would be to use something like OpenSSL to code up the
certificate correctly, but if we didn't care about the contents
(except for the public key and signature) I'll bet it would be
reasonably straightforward to special-case the actual encoding.
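
Added example, not part of the original message and not monotone's code: one way to special-case the encoding, hand-building a minimal X.509 v1 self-signed certificate in DER around an existing RSA key. The subject name, validity dates, the choice of SHA-256 with PKCS#1 v1.5, and the demo key (built from two public primes, so it is not secret) are all assumptions made for illustration.

```python
import hashlib

# DER-encoded OIDs and the SHA-256 DigestInfo prefix from PKCS#1 v1.5.
OID_SHA256_RSA = bytes.fromhex("06092a864886f70d01010b")
OID_RSA = bytes.fromhex("06092a864886f70d010101")
OID_CN = bytes.fromhex("0603550403")
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def tlv(tag, body):
    """DER tag-length-value, short or long definite length."""
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    ln = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def der_int(v):
    """Non-negative INTEGER; the extra bit keeps the sign bit clear."""
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def emsa_pkcs1_v15(msg, k):
    """PKCS#1 v1.5 signature padding of SHA-256(msg) to k bytes."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def self_signed_cert(n, e, sign, name=b"monotone-server"):
    """Return (tbs, cert): an X.509 v1 certificate around RSA key (n, e)."""
    alg = tlv(0x30, OID_SHA256_RSA + b"\x05\x00")
    dn = tlv(0x30, tlv(0x31, tlv(0x30, OID_CN + tlv(0x0C, name))))
    # Fixed validity window (constructed): 2005-10-13 to 2049-12-31, UTCTime.
    validity = tlv(0x30, tlv(0x17, b"051013000000Z") + tlv(0x17, b"491231235959Z"))
    rsa_key = tlv(0x30, der_int(n) + der_int(e))
    spki = tlv(0x30, tlv(0x30, OID_RSA + b"\x05\x00") + tlv(0x03, b"\x00" + rsa_key))
    # v1: version omitted; serial, sigalg, issuer, validity, subject, key.
    tbs = tlv(0x30, der_int(1) + alg + dn + validity + dn + spki)
    return tbs, tlv(0x30, tbs + alg + tlv(0x03, b"\x00" + sign(tbs)))

# Constructed demo key from two well-known public primes: NOT secret, demo only.
P, Q, E = 2**255 - 19, 2**256 - 2**32 - 977, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8

def demo_sign(tbs):
    em = int.from_bytes(emsa_pkcs1_v15(tbs, K), "big")
    return pow(em, D, N).to_bytes(K, "big")

def verify(tbs, cert):
    """Check the trailing signature against the TBS bytes with (N, E)."""
    sig = int.from_bytes(cert[-K:], "big")
    return pow(sig, E, N).to_bytes(K, "big") == emsa_pkcs1_v15(tbs, K)
```

Only the two INTEGERs in the key and the final BIT STRING vary between servers; everything else is constant bytes, which is what makes hard-coding the encoding practical.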