Greetings!

On Thu, 25 Aug 2005, [EMAIL PROTECTED] wrote:

> Yes, we also encountered the same restricting issue while developing.
> Now there seems to be only a few remaining bits to be used. It is
> definatively not a good thing for future developers who are planning
> to use their own cipher suites.
>
> >Your patch is very interesting to us because right now we try
> >to make adding of new cipher suites more simple. We are
> >interested in cooperation in this sphere.
>
> Sounds nice. Some other extensible way than the current (one integer
> containing the bitmask) is needed sooner or later.
>
> >We have some preliminary tested concepts regarding easy adding
> >of extra cipher suites and we'll be happy to discuss this ideas.
>
> Maybe it would be better to discuss the ideas in
> this mailing list, so everyone can comment the ideas.

I agree.

The main idea of the work our company currently undertakes in libssl is
that the SSL_CIPHER.algorithms field contains too much independent
information.

It seems to us this field should be divided into some fields containing
particular information about key exchange, authentication, encryption
and MAC specified by the cipher suite. These fields should contain
pointers to the structures containing callbacks implementing required
behaviour for key exchange and authentication.

The structures required for extra encryption or MAC are much more
simple. We have their preliminary implementations and we've implemented
the cipher suite using Russian national cryptoalgorythms for encryption
and MAC. So this idea at least seems to be good enough for experiments.

We hope this short description is clear and will be interesting for a
discussion.

Thank you.

-- 
SY, Dmitry Belyavsky (ICQ UIN 11116575)

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to