
[Monotone-devel] Re: Transport encryption


From: Bruce Stephens
Subject: [Monotone-devel] Re: Transport encryption
Date: Mon, 10 Oct 2005 21:08:20 +0100
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux)

Nathaniel Smith <address@hidden> writes:

[...]

> I don't have any particular plans to implement it myself, and
> writing my own crypto protocol makes me Very Very Nervous.  And SSL
> and SSH libraries seem to be uniformly horrid.

I haven't looked at any SSH ones, but OpenSSL doesn't seem too
horrible---I'd guess it's not much more horrible than is necessary.
(It compares fairly reasonably in usability with a commercial one I
used from Baltimore, for example.)

> As far as I can tell, for instance, it is simply not possible to
> write async SSL code using freely available docs.

I'm fairly sure it's possible with OpenSSL.  Would it be possible to
change monotone's license slightly to allow linking with OpenSSL, or
is there some externally written GPL code embedded?

From a grep through the GNU TLS docs, it looks like they intend it to
be possible to use it with non-blocking calls.  Have they missed
something?

> (Plus we have slightly funky requirements, like having our own keys
> that we want to use.)

Yes, that's likely to be an issue.  The two APIs I've seen assume you
want to use X.509 certs and things, I think (even though TLS doesn't
require it, IIRC).

[...]




