Hi Tony FWIW I wrote some KJ TLS bindings a while back (but hesitate to merge them without a review by someone who knows OpenSSL):
https://github.com/sandstorm-io/capnproto/pull/335 As Ian says, it's straightforward to layer Cap'n Proto's "two-party" RPC (which is the only thing that anyone uses currently) on top of TLS, since it accepts an arbitrary abstract I/O stream. This should only take a few lines of code. So I, too, wonder what "first-class" support would mean. I am very interested in building a better crypto transport leveraging libsodium and probably Noise, but that is, of course, a much more complicated project. :) -Kenton On Thu, Mar 9, 2017 at 10:34 AM, Tony Arcieri <[email protected]> wrote: > I've been deliberating switching one of my projects over from > protobufs/gRPC to capnp. My initial use case is mmaped struct-like data, > which capnp excels at, but I would also like to be able to serve that same > data to the wire, so I more or less want the full capnp-rpc package. > > Unfortunately, I'm back to the same sticking point which has prevented me > from using capnp in the past: TLS support. Has there been any movement on > first-class TLS support in capnp-rpc implementations? It's really a > showstopper for my use cases and I would like to avoid having to deal with > bespoke TLS support in every language I want to make a client library for. > > I know that TLS hasn't been very amenable to capnp-style flows (and talked > with Kenton about that a bit) but I think TLS 1.3 will address a lot of > these problems with 0-RTT support, and until then TLS will just add > additional roundtrips, something I'm fine with. > > Alternatively there's the Noise protocol, which may be a better fit for > capnp's messaging semantics: > > http://noiseprotocol.org/ > > Either way, I need encryption 😉 > > -- > Tony Arcieri > > -- > You received this message because you are subscribed to the Google Groups > "Cap'n Proto" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > Visit this group at https://groups.google.com/group/capnproto. > -- You received this message because you are subscribed to the Google Groups "Cap'n Proto" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. Visit this group at https://groups.google.com/group/capnproto.
