Adam Manock wrote: > Yes. The best solution would be for the ZEO protocol to support auth and > crypto natively... > The next best solution (while you wait) is to use CIPE ;-) > > As far as I understand it, even regular TCP port forwarding is TCP over > TCP and suffers from the unreliable carrier assumption causing excess > (eg retransmit) traffic over a reliable channel.
Out of interest, could you elaborate that? I assume you mean port forwarding (without the TCP), which, AFAIK, just is a rewriting of some IP/UDP header information and some, uhm, forwarding. I am not aware of any encapsulation taking place. I quite sure that this isn't the case, because, after all, we can talk to a "normal" tcp/udp server on the ipaddress:port which we forward to. We can also port forward udp-traffic. SSL then adds another layer between transport and application, but it explicitly needs a reliable transport protocol underneath (e.g. TCP). > > Consider: > host <--TCP--> local interface <--TCP tunnel--> local interface > <--TCP--> host > host <--TCP--> virtual loopback interface > <--TCP--> host > > In this common port forwarding scenario, the SSH or SSL tunnel creates a > virtual single loopback interface that > the two hosts use to talk to each other, using TCP. The transport that > joins these two physical interfaces to create one virtual loopback > interface is also TCP. Therefore it's TCP over TCP No, it isn't. You can use something like stunnel to https-"enable" non-https capable http-clients, stunnel -c -d 80 -r ssl-server:443 now go to http://localhost Try it, it's fun ;-). cheers, oliver _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )