Hi,

I wanted to discuss (IRC) what exactly I should add to documentation.

It's like adding a standard, secure and well-defined hash function for
use by plugins and then there are (N) different use-cases.

"\-keying-material-exporter label len
Save Exported Keying Material [RFC5705] of len bytes using label in environment
(exported_keying_material) for use by plugins in OPENVPN_PLUGIN_TLS_FINAL
callback."

"Keying Material Exporter [RFC-5705] allows additional keying material to be
derived from an existing TLS channel. This exported keying material can then be
used for a variety of purposes. TLS allows client and server to establish
keying material for use in the upper layers between the TLS end-points"

It is nothing more than generating the same keying material for client and
server plugins (OPENVPN_PLUGIN_TLS_FINAL callback)
without the need to transfer that key through the (D)TLS channel and/or app layer.

Daniel

On 9 March 2015 at 20:02, Gert Doering <g...@greenie.muc.de> wrote:
> Hi,
>
> On Mon, Mar 09, 2015 at 07:26:28PM +0100, daniel kubec wrote:
>> It is actually a well-defined mechanism for "crypto/authentication"
>> plugin developers and they should know what they are doing.
>>
>> Maybe let's try to discuss that using IRC.
>
> IRC explanation isn't going to help someone who comes across this in
> a few months or years - a good example in the docs would really be
> appreciated.
>
> No code needed.  Just describe the parts that would be needed to make
> this work - like "on the server, you need a plugin that talks to
> foobar service to get a blinkenlight, on the client, you need a plugin
> that uses EKM to make the light blink, via..."
>
> Right now I see crypto that adds code, seems to not break anything, but
> the only reason why the extra code is there is "oh, you can do lots of
> cool things with it" - this should be spelled out better, to make it
> useful to more people.
>
> gert
> --
> USENET is *not* the non-clickable part of WWW!
>                                                            //www.muc.de/~gert/
> Gert Doering - Munich, Germany                             g...@greenie.muc.de
> fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de
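
The derivation discussed in this thread, as an added example that is not part of the original messages or of OpenVPN's code: an RFC 5705 exporter for a TLS 1.2 session, showing that client and server each compute the same bytes locally from values both already hold. It assumes a cipher suite whose PRF is SHA-256; the session values, the label and the `client_plugin_key`/`server_plugin_key` helpers are constructed for illustration.

```python
import hashlib
import hmac


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 P_hash expansion (RFC 5246, section 5) using HMAC-SHA256."""
    out, a = b"", seed                       # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()          # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def export_keying_material(master_secret: bytes, client_random: bytes,
                           server_random: bytes, label: bytes,
                           length: int, context: bytes = None) -> bytes:
    """RFC 5705: PRF(master_secret, label, client_random + server_random
    [+ uint16 context length + context]) truncated to `length` bytes."""
    seed = label + client_random + server_random
    if context is not None:
        # A zero-length context is still encoded, so it differs from "none".
        seed += len(context).to_bytes(2, "big") + context
    return p_sha256(master_secret, seed, length)


# Constructed sample values standing in for one finished TLS handshake.
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = b"\x11" * 32
SERVER_RANDOM = b"\x22" * 32
LABEL = b"EXPERIMENTAL-plugin-demo"   # hypothetical label, not a registered one


def client_plugin_key(length: int = 32) -> bytes:
    # What the client side derives; nothing is sent to the peer.
    return export_keying_material(MASTER_SECRET, CLIENT_RANDOM,
                                  SERVER_RANDOM, LABEL, length)


def server_plugin_key(length: int = 32) -> bytes:
    # The server runs the same computation over its copy of the session state.
    return export_keying_material(MASTER_SECRET, CLIENT_RANDOM,
                                  SERVER_RANDOM, LABEL, length)


if __name__ == "__main__":
    print("client:", client_plugin_key().hex())
    print("server:", server_plugin_key().hex())
```

The output is bound to the label and to both handshake randoms, so a different label or a different session yields unrelated bytes. That is what lets two plugins share a per-session secret without putting it on the wire.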
