Hi! I just met s6-networking and am wondering whether it might suit some of my needs. I see UCSPI tools analogous to those in ucspi-tcp and ucspi-ssl, except more composable. That's why I'm here :-)

Way back in the day, Scott Gifford and Charlie Brady designed a UCSPI-TLS interface for "delayed encryption" of services that start unencrypted -- for instance, an SMTP client and server negotiating STARTTLS. Here's an introduction (or maybe reminder): https://web.archive.org/web/20150311220932/http://www.suspectclass.com/sgifford/ucspi-tls/ucspi-tls-qmail-howto.html

I think it's a lovely interface. My own TLS and AUTH implementation for unpatched qmail-smtpd, qmail-pop3d, and ofmipd (https://schmonz.com/qmail/acceptutils) relies on it. At present, the only ready-to-run UCSPI-TLS implementation I'm aware of is Erwin Hoffmann's ucspi-ssl fork, which includes the "sslserver -n" portion of the original implementation but not yet the corresponding "sslclient -y".

If my code -- and perhaps notqmail's (https://github.com/notqmail/notqmail/wiki/Designs) -- could run equally well under s6-networking, that would be really cool. Could UCSPI-TLS be made to fit nicely into s6-networking's design? If so, would you be willing to consider implementing it?

For reference, here's what I believe is the latest version of Gifford and Brady's code, including both client and server implementations for William Baxter's ucspi-ssl: https://github.com/SuperScript/ucspi-ssl/compare/master...scottgifford:master


- Amitai
