Re: [Monotone-devel] Transport encryption

[Nathaniel Smith]

On Mon, Oct 10, 2005 at 06:45:12PM +0200, Michael Neumann wrote:
> Hi all,
> 
> Is transport encryption in the works (or planned)? I'm coming from 
> subversion, and there, getting transport encryption to work requires 
> quite a bit of administrative work (in my opinion it simply should not 
> depend on the underlying operating system). Would be nice if Monotone 
> could do better here, like OpenCM did, where this was built-in out of 
> the box.
> 
> How hard would it be to implement transport enryption for Monotone?

I don't have any particular plans to implement it myself, and writing
my own crypto protocol makes me Very Very Nervous.  And SSL and SSH
libraries seem to be uniformly horrid.  As far as I can tell, for
instance, it is simply not possible to write async SSL code using
freely available docs.  (Plus we have slightly funky requirements,
like having our own keys that we want to use.)

On the other hand, it's been pointed out that we actually do all the
hard parts (secure authentication and integrity checking) of secure
channel encryption, and we could just throw something like AES+CTR on
top and go with it.  (This would still leave out some parts whose
importance is not obvious to me, like periodic re-keying.)

_I_ haven't made any motion to do this because my rule of thumb is
that crypto protocols that aren't heavily peer-reviewed simply cannot
be relied on, and I wouldn't like to put unreliable security into
something; users don't tend to pay attention to the part of the docs
where it says "unreliable", just the part where it says "encrypted!".
But there are much more crypto-clueful people than me hanging around
here; maybe one of them has a more informed opinion.

-- Nathaniel

-- 
"But suppose I am not willing to claim that.  For in fact pianos
are heavy, and very few persons can carry a piano all by themselves."