On Thu, 2 Oct 2003, Thor Lancelot Simon wrote:

> 1) Creates a socket-like connection object
>
> 2) Allows configuration of the expected identity of the party at the other
>    end, and, optionally, parameters like acceptable cipher suite
>
> 3) Connects, returning error if the identity doesn't match. It's
>    probably a good idea to require the application to explicitly
>    do another function call validating the connection if it decides to
>    continue despite an identity mismatch; this will avoid a common,
>    and dangerous, programmer error.
>
> 4) Provides select/read operations thereafter.
Speaking as a Postfix developer, it would be very useful to have a non-blocking interface that maintained an event bitmask and readable/writable callbacks for the communications channel, allowing a single-threaded application to get other work done while a TLS negotiation is in progress, or to gracefully time out the TLS negotiation if progress is too slow. This means that the caller should be able to tear down the state of a partially completed connection at any time without memory leaks or other problems.

--
Victor Duchovni
IT Security, Morgan Stanley
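As an added example, not code from this thread or from Postfix, here is a Python driver built on ssl.SSLObject and ssl.MemoryBIO that exposes the interface described above: an event bitmask, readable/writable callbacks, a deadline, and a teardown that drops a partially completed handshake. The host name tls.example and the fake clock are constructed; the client really emits a ClientHello, and since no server answers, the run exercises the timeout and teardown path rather than a completed negotiation.

```python
import ssl
import time

WANT_READ, WANT_WRITE = 1, 2   # event bitmask bits for the caller's poll()/select() loop

class HandshakeDriver:
    """TLS handshake one step at a time: the caller keeps socket, loop and timeout."""
    def __init__(self, ctx, server_hostname, timeout, clock=time.monotonic):
        self.incoming = ssl.MemoryBIO()   # bytes read from the wire go in here
        self.outgoing = ssl.MemoryBIO()   # bytes the caller must put on the wire
        self.sslobj = ctx.wrap_bio(self.incoming, self.outgoing,
                                   server_hostname=server_hostname)
        self.clock, self.deadline = clock, clock() + timeout
        self.events, self.done = 0, False

    def step(self):
        """Advance until the handshake blocks; return the event bitmask wanted next."""
        if self.done: return 0                  # nothing left to drive
        if self.clock() >= self.deadline:       # too slow: abandon the negotiation
            self.close()
            raise TimeoutError("TLS handshake made no progress before the deadline")
        try:
            self.sslobj.do_handshake()
        except ssl.SSLWantReadError:
            # peer owes us bytes; anything queued in `outgoing` must be sent first
            self.events = WANT_READ | (WANT_WRITE if self.outgoing.pending else 0)
        else:
            self.done, self.events = True, 0
        return self.events

    def on_readable(self, wire_bytes):      # readable callback: feed bytes, advance
        self.incoming.write(wire_bytes)
        return self.step()

    def on_writable(self):                  # writable callback: bytes for the socket
        return self.outgoing.read()

    def close(self):                        # tear down a partial handshake, no leaks
        self.done, self.events, self.sslobj = True, 0, None

def demo():
    clock = [0.0]                           # constructed fake clock; peer never replies
    drv = HandshakeDriver(ssl.create_default_context(), "tls.example", 1.0, lambda: clock[0])
    first, hello = drv.step(), drv.on_writable()    # ClientHello out, now wants to read
    clock[0] = 1.5                          # deadline passes with no server bytes
    try:
        drv.step()
        return first, len(hello) > 0, False, drv.done
    except TimeoutError:
        return first, len(hello) > 0, True, drv.done
```

A real event loop would poll the socket for the bits returned by step(), call on_writable() to drain outgoing bytes and on_readable() with whatever arrives, and call close() whenever it decides to give up.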