Richard Levitte - VMS Whacker <[EMAIL PROTECTED]> writes: [...]
> Not having played with the anonymous cipher suites at all, I'm really > walking on thin ice when talking about it. I was under the impression > that all the anonymous cipher suites used EDH (Ephemeral DH?), so > using that would also require a bit more of monotone than you might > think... I've never used them, either. I assumed one just selected one, and the library would do its stuff. Maybe the handshake takes longer, but presumably after that it's just using a symmetric cipher. So what does monotone need to provide? DH parameters, I guess, but those could be built in. I don't know, though, maybe there are security considerations in every user of monotone using the same parameters. I suppose monotone could construct a self-signed X.509 certificate out of its server key, and use that (as a client, it wouldn't need to do any verification at the TLS level, so the coding would just be about constructing the certificate). An easy way would be to use something like OpenSSL to code up the certificate correctly, but if we didn't care about the contents (except for the public key and signature) I'll bet it would be reasonably straightforward to special-case the actual encoding. [...] _______________________________________________ Monotone-devel mailing list Monotone-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/monotone-devel