>.. , since I like compression but I also send credentials over TLS :) IMHO, credentials should never be sent over the wire (be it encrypted or not) and never be stored in plaintext.
FWIW, Autobahn provides a challenge-response authentication scheme ("WAMP_CRA") that also allows for salted/hashed passwords (pbkdf2-based) for WebSocket/WAMP. With TLS, and in a Post-Snowden era, how do you know your TLS server isn't impersonated and encryption broken? Personally, I assume root CA private keys of any CA vendor are owned by the NSA anyway. Really, TLS is broken. We need a new scheme. For encryption session keys, Diffie-Hellman is available, and provides perfect forward secrecy naturally. For authentication, we need a peer-based system like PGP has, not relying on centrally managed trust. I know. Not going to happen any time soon .. /Tobias _______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python