
[Monotone-devel] Re: Transport encryption


From: Bruce Stephens
Subject: [Monotone-devel] Re: Transport encryption
Date: Thu, 13 Oct 2005 10:36:16 +0100
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux)

Richard Levitte - VMS Whacker <address@hidden> writes:

[...]

> I'm not sure why we would want to use anonymous cipher suites.  We
> currently sign the stream both ways, right?  Why should we stop?

I thought the engineering problem was that TLS libraries like X.509
certificates, but monotone doesn't use such things.  Thus, one
suggestion is that monotone be changed to use X.509 certificates.  

I'm suggesting another would be to leave monotone's protocol just as
it is (complete with signing), and just to use TLS to provide an
encryption wrapper around it, for those that want such a thing.  

That doesn't feel ideal, in that TLS could also do authentication,
which might simplify things.  It doesn't feel too bad, though: why
change the basic monotone protocol if it works?

[...]

> I can inform you, again, that OpenSSL supports non-blocking I/O.

I know.  monotone is under the GNU GPL, and OpenSSL's licence doesn't
quite fit with that.  (On the whole, I'd be in favour of adding the
standard exception to permit monotone to link with OpenSSL, but maybe
there's something GNU GPL required by monotone that would prevent
that.)



