On Thu, 2 Oct 2003, Thor Lancelot Simon wrote:
> 1) Creates a socket-like connection object
>
> 2) Allows configuration of the expected identity of the party at the other
> end, and, optionally, parameters like acceptable cipher suite
>
> 3) Connects, returning error if the identity doesn't match. It's
> probably a good idea to require the application to explicitly
> do another function call validating the connection if it decides to
> continue despite an identity mismatch; this will avoid a common,
> and dangerous, programmer errog.
>
> 4) Provides select/read operations thereafter.
>
Speaking as a Postfix developer, it would be very useful to have a
non-blocking interface that maintained an event bitmask and
readable/writable callbacks for the communications channel, allowing a
single-threaded application to get other work done while a TLS negotiation
is in progress, or to gracefully time out the TLS negotiation if progress
is too slow. This means that the caller should be able to tear down the
state of a partially completed connection at any time without memory leaks
or other problems.
--
Victor Duchovni
IT Security,
Morgan Stanley
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
