"James A. Donald" <[EMAIL PROTECTED]> writes: >> When tinc 2.0 will ever come out (unfortunately I don't have a lot of >> time to work on it these days), it will probably use the GnuTLS library >> and authenticate and connect daemons with TLS. For performance reasons, >> you want to tunnel network packets via UDP instead of TCP, so hopefully >> there is a working DTLS implementation as well then. > > I have been considering the problem of encrypted channels over UDP or > IP. TLS will not work for this, since it assumes and provides a > reliable, and therefore non timely channel, whereas what one wishes to > provide is a channel where timeliness may be required at the expense > of reliability.

DTLS does not assume a reliable channel -- it is designed for
applications that use UDP. Perhaps you are not familiar with it.

> I have figured out a solution, which I may post here if you are interested.

With respect, James, I think they'd be better off using DTLS. It was
designed by experts and it shares the same security properties as TLS.

--
Perry E. Metzger [EMAIL PROTECTED]