>.. , since I like compression but I also send credentials over TLS :)
IMHO, credentials should never be sent over the wire (be it encrypted or not)
and never be stored in plaintext.
FWIW, Autobahn provides a challenge-response authentication scheme ("WAMP_CRA")
that also allows for salted/hashed passwords (pbkdf2-based) for WebSocket/WAMP.
With TLS, and in a Post-Snowden era, how do you know your TLS server isn't
impersonated and encryption broken?
Personally, I assume root CA private keys of any CA vendor are owned by the NSA
anyway.
Really, TLS is broken.
We need a new scheme. For encryption session keys, Diffie-Hellman is available,
and provides perfect forward secrecy naturally.
For authentication, we need a peer-based system like PGP has, not relying on
centrally managed trust.
I know. Not going to happen any time soon ..
/Tobias
_______________________________________________
Twisted-Python mailing list
[email protected]
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
