isn't it settled that keeping of secrets and exchange thereof are the domain of factotum?
On Thu, Jul 2, 2015 at 6:14 AM, Charles Forsyth <charles.fors...@gmail.com> wrote: > I hadn't looked at the "bounties" page recently. It includes > > "improve the tls(3) device $10 - The TLS device implements the record > layer protocols of Transport Layer Security version 1.0 and Secure Sockets > Layer version 3.0. It does not implement the handshake protocols, which are > responsible for mutual authentication and key exchange. Wanted: more > ciphers, support for user certificates, support for certificate > verification. ECDSA! ECDHE!" > > I think that I'd avoid putting the negotiation and certificate stuff (as > such) in the kernel device. > > > On 2 July 2015 at 13:57, Charles Forsyth <charles.fors...@gmail.com> > wrote: > >> >> On 2 July 2015 at 13:30, Anthony Sorace <a...@9srv.net> wrote: >> >>> The p9sk1 *model* is great, and it'd be a real shame to drop it. >> >> >> There always seems to be trouble setting it up, which suggests that the >> documentation people typically first see might need revising >> (or better pointers if it exists but people don't find it). >> > >
