On Sat, Jan 17, 2009 at 6:11 PM, Timothy Brownawell
<address@hidden> wrote:
On Sat, 2009-01-17 at 19:44 -0600, Matthew Nicholson wrote:
> Timothy Brownawell wrote:
> >
> > I should also mention that I'm thinking we eventually want to move to
> > SSH2 for encryption/authentication (pending finding a good server-side
> > SSH2 library, there only seem to be client-only libraries available
> > now). This would let us only need to listen in one place for both
> > netsync and stdio (and whatever else we might come up with), and would
> > also mean not needing to keep our own authentication code or write our
> > own encryption code (I know I've seen requests for encrypted netsync).
>
> Why ssh2 and not ssl/tls encryption? Just curious. I imagine ssl
> libraries would be more prevalent.
Because it didn't occur to me, probably because the main tls use I know
is authenticating the server (mostly I think of https) while we
also/mainly want to authenticate the client (which is what ssh is used
for). We'd need our own multiplexing, but that should be quite a lot
less work than pulling a library out of an ssh server.
> And instead of relying on SSH for
> authentication, we could add the option of using PAM for authentication
> which is what SSH uses anyway.
No, probably better to keep using keys for that. I had been thinking ssh
pubkey authentication, but tls seems to allow for client certificates
which should be what we want.
--
Timothy
Free (experimental) public monotone hosting: http://mtn-host.prjek.net