[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [DotGNU]Encryption protocols

From: Norbert Bollow
Subject: Re: [DotGNU]Encryption protocols
Date: Wed, 12 Mar 2003 01:02:07 +0100 (CET)

Peter Minten <address@hidden> wrote:

> Rhys Weatherley wrote:
> > A lot of work has gone into SSL/TLS to make sure that the
> > algorithms are used correctly in combination.  It is would be very
> > dangerous for DotGNU to make up a new session protocol.  It would
> > be better to use the standard directly.
> Right. But let's not forget we don't have a socket connection to the
> server/client but a socket connection to the Jabber server in many cases.

We can use TLS for the connection to the Jabber server.

In order to limit the impact of a potential security breach or privacy
violation at the Jabber server, the "payload" data also needs to be
encrypted.  Here three different scenarios need to be taken into

a) exchanging multiple small packets of data

b) sending a single small packet of data

c) sending a large amount of data

In case a), what we want is effectively a TLS-protected connection on top of
the Jabber layer.  (The "payload" part of the data is encrypted twice).  In
case b), we can use libgcrypt and then send an encrypted packet over Jabber
(See ).  In case c), we can use
libgcrypt to create an encrypted file and jabber:iq:oob to ask the recipient
to get the file by means of an out-of-band (OOB) data transfer (see

Then, in every case, we can use a combination of established session

> > Or perhaps instead
> > take an action item to PInvoke-wrap OpenSSL and/or GnuPG for use in C#
> > applications.  The latter is likely to be easier, and less likely to get
> > wrong, but don't let that stop you.  A pure C# implementation would be
> > kind of cool.
> Pure C# would be cool, but C would be more portable (just change a few
> details in a SWIG file and you're done) and thus more useful. Another
> strategy would be of course to start in C and build a pure C# version for
> speed and coolness after that (though I don't know if there will be a
> significant speed benefit).

Crypto stuff is computation-intensive and should therefore IMO be done in C.

Greetings, Norbert.

Founder & Steering Committee member of
Free Software Business Strategy Guide   --->
Norbert Bollow, Weidlistr.18, CH-8624 Gruet (near Zurich, Switzerland)
Tel +41 1 972 20 59        Fax +41 1 972 20 69

reply via email to

[Prev in Thread] Current Thread [Next in Thread]