On Wed, Jun 14, 2000 at 12:12:49PM +0200, Jan Meijer wrote:
> Hi Balazs,
>
> I'm not sure whether you wanted this to go to the list or not.
>
I wanted to send it to the list, I just can't get used to using 'g' to reply.
> > > > Agreed. But low functionality crypto is not necessarily bad crypto.
> > > > I guess we can stop here, because everyone seems to agree that having
> > > > something already done is good, and no one seems to care about embedded
> > > > systems (I also don't care about them).
> >
> > This was the reason I suggested using our own protocol in the first place.
> > Earlier we were discussing even UDP based protocols so that embedded systems
> > could use it.
>
> I don't completely understand what you mean. What was the reason?
>
There was a smaller debate whether the new protocol should use UDP or TCP.
You can find some more info in the list archives. (accessible from the homepage I
think)
> >
> > I'm happy with SSL or TLS. (and btw, someone mentioned using ssh, what I had
> > in mind was similar to the SSH2 transport layer)
>
> Ah, then why not just use the ssh2 transport layer? Designing a good crypto
> protocol is a really hard job.
>
It's not available completely separately as a library like SSL is, and no SSH
implementation is able to accept subprotocols running on the transport layer. (though
lsh will be able to do so)
> > Does SSL provide client authentication other than using client certificates?
>
> Not to my knowledge, though I never completely read the protocol. I know
> the most common handshake pictures always only show the certificate option.
> So, I think you'd be better off using the ssh2 transport layer protocol, that
> allows for more ways of authentication for sure.
Yes, I know that quite well, I'm involved in lsh (GPLed secsh implementation)
development.
--
Bazsi