In message [EMAIL PROTECTED] on Thu, 13 Oct 2005 10:36:16 +0100, Bruce
Stephens [EMAIL PROTECTED] said:
> Richard Levitte - VMS Whacker [EMAIL PROTECTED] writes:
>
> [...]
>
> I'm not sure why we would want to use anonymous cipher suites. We
Bruce Stephens spake unto us the following wisdom:
Nathaniel Smith [EMAIL PROTECTED] writes:
We can already do replication across multiple hosts, that are
heterogeneous in any way I can think of, and the replication is
secure against tampering, man-in-the-middle, and so on -- it's just
Richard Levitte - VMS Whacker [EMAIL PROTECTED] writes:
[...]
Not having played with the anonymous cipher suites at all, I'm really
walking on thin ice when talking about it. I was under the impression
that all the anonymous cipher suites used EDH (Ephemeral DH?), so
using that would also
Ethan Blanton [EMAIL PROTECTED] writes:
[...]
Unless I'm missing something, using TLS without certificates will
not give you much security at all ... monotone itself will guarantee
that there is no man-in-the-middle *changing* your stream, but if
the encryption isn't authenticated then
On Thu, Oct 13, 2005 at 10:36:16AM +0100, Bruce Stephens wrote:
I'm suggesting another would be to leave monotone's protocol just as
it is (complete with signing), and just to use TLS to provide an
encryption wrapper around it, for those that want such a thing.
It doesn't work like this --
Nathaniel Smith [EMAIL PROTECTED] writes:
[...]
We can already do replication across multiple hosts, that are
heterogeneous in any way I can think of, and the replication is
secure against tampering, man-in-the-middle, and so on -- it's just
that people could peek at the data while it goes
I don't have any particular plans to implement it myself, and
writing my own crypto protocol makes me Very Very Nervous. And SSL
and SSH libraries seem to be uniformly horrid.
I haven't looked at any SSH ones, but OpenSSL doesn't seem too
horrible---I'd guess it's not much more horrible
Bruce Stephens [EMAIL PROTECTED] wrote:
Yes, that's likely to be an issue. The two APIs I've seen assume
you want to use X.509 certs and things, I think (even though TLS
doesn't require it, IIRC).
I think GNU TLS is working on supporting OpenPGP keys; might be
extendable to what Monotone is