
Re: Feedback for mixminion specs



On Fri, Feb 21, 2003 at 02:14:09PM -0500, George Danezis wrote:
> 2) SSL/TLS
> 
> Early in the design we have decided to go for SSL/TLS instead of designing 
> our own forward secure channel. Was this wise?

FWIW, I'll echo Lucky's sentiments that it was wise, and for all the
same reasons.

> As far as I have 
> experienced the MMTP code takes a third of the project (around 10 pages of 
> C code).

Imagine the length if it had to encompass the secure transport
protocol too.

> The OpenSSL library takes ages to compile, and is seriously big! 
> The cryptographic algorithms we are using, except for MMTP, can be easily 
> found elsewhere (AES, SHA-1, PKCS#1 OAEP RSA and SIG). Finally it creates 
> licensing problems, and introduces bugs we cannot control. 

Since OpenSSL's under a BSD license, about the only thing I can think
of that it would cause problems with would be the GPL.  If this is an
incorrect assumption, my apologies.  However, if this is correct
("this" being you'd like to license your implementation under the GPL)
then there are alternatives.  The ugliest is re-implementing SSL/TLS
by hand.  Been there, done (part of) that (in Java in 1997 no less),
would avoid it like the plague if asked to do so again.  Luckily, it's
been done (again).

GnuTLS <http://www.gnu.org/software/gnutls/> (available under the
LGPL) also implements the SSL/TLS protocol(s).  They even, according
to the docs I've skimmed, have an OpenSSL compatibility layer, which
should reduce/eliminate porting hassles.  Of course, since it's still
listed in "late beta" on their status page, it could have problems,
and definitely doesn't have the maturity of OpenSSL, which I suppose
could be a reason for worrying about licensing later.

Mike
(no, not that Mike Gurski, who appears to even be prior art...<sigh>)

-- 
Michael A. Gurski             (opt. [firstname].)[lastname]@pobox.com
Hail Eris! -><- All Hail Discordia!  O-  http://www.pobox.com/~[lastname]
1024/39B5BADD  PGP: 3493 A994 B159 48B7 1757 1E4E 6256 4570
1024D/1166213E GPG: 628F 37A4 62AF 1475 45DB  AD81 ADC9 E606 1166 213E
My opinions are mine alone, even if you should be sharing them.

"Disciples do owe unto masters only a temporary belief and a
suspension of their own judgment until they be fully instructed, and
not an absolute resignation or perpetual captivity."  --Francis Bacon
