• Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

World: r4wp

[!REBOL3] General discussion about REBOL 3

Cyphre
18-Jan-2013
[633]
Graham, the TLS protocol scheme works transparently on tcp ports. 
So you just need to change the port/scheme from 'tcp to 'tls and 
you have the tcp connection secured. Then you can build any higher-level 
protocol over it. Having made the TLS scheme transparent I needed 
to make only few minor changes to the Gabriele's HTTP scheme to be 
able support HTTPS as well.
GrahamC
18-Jan-2013
[634x2]
How did you manage this?
And are you going to implement SHA256 ?
Cyphre
18-Jan-2013
[636x2]
I simply wrote the TLS scheme :-) I've also added the neccessary 
crypto algorithms at the native level (only RSA with ARC4 cipher 
suite is supported at the moment).

IMO this solution gives us much better flexibility: the encryption 
code is native(fast) and the TLS protocol logic is in REBOL so it 
is possibel to enhance it much more easily.
(so for example we can later implement also the certificate handling 
and TLS server mode)
GrahamC
18-Jan-2013
[638]
Sure.  not needing large libraries is a plus
Cyphre
18-Jan-2013
[639x2]
SHA256: yes I'd love to add it. The only problem is to get efficient 
free C implementation.
this applies also for other algorithms so any good links are welcome
GrahamC
18-Jan-2013
[641x2]
so has to be compatible license and in plain C ?
I thought I found some before
Cyphre
18-Jan-2013
[643x2]
I have AES algo prepared for integration. Currently we are looking 
for good implementations of: SHA256, DH and 3DES
(I guess these pieces are missing to cover TLS 1.0 cipher suite set)
GrahamC
18-Jan-2013
[645]
Which copyrights are incompatible?
Robert
18-Jan-2013
[646x4]
GPL
MIT or Apache
or compatible to these.
I thin BSD can fit too.
Cyphre
18-Jan-2013
[650]
Once we manage to integrate the algorithms in form of natives it's 
just matter of adding the other cipher suites handling into the current 
TLS scheme.
GrahamC
18-Jan-2013
[651]
compatible are GPL, MIT and Apache?
Cyphre
18-Jan-2013
[652]
GPL? really?
GrahamC
18-Jan-2013
[653]
that's what I was asking .. robert seems to say yes
Cyphre
18-Jan-2013
[654x2]
I prefer BSD or public domain or suctom 'free' licenses as there 
I'm sure noone will complain I've stolen the code. In other lic cases 
I have no experience.
If GLP is acceptable then things would be easier. (I've seen some 
nice GPL implementations) But I'm not sure GPL code can be used for 
encapping?? But as I said I'm usually lost in the licensing stuff 
;)
GrahamC
18-Jan-2013
[656x2]
I'd think GPL is out
Even Apple has a sha256 open source version out there
Cyphre
18-Jan-2013
[658x2]
BTW getting the TLS/HTTPS to run on Android proves that our solution 
is good and can be easily used in crossplatform way. No need for 
any OpenSSL-like bloat anymore in R3 ;)
I haven't searched for SHA256 yet so that is possible. I'm now looking 
more for the DH and 3DES...
Robert
18-Jan-2013
[660]
GPL not
Cyphre
18-Jan-2013
[661]
One more note: AFAIK the current version of TLS + the encryption 
support increased the binary only by ~10KB which is also cool. I 
have no clue how much could take adding the rest of missing algorithms 
though.
GrahamC
18-Jan-2013
[662]
http://www.codeguru.com/cpp/misc/misc/cryptoapi/article.php/c8195/Portable-Cryptography-API-for-Triple-DES.htm

C and C++ implementations
Cyphre
18-Jan-2013
[663]
thanks, have that one in the candidates list as well
BrianH
18-Jan-2013
[664]
The time protocol mentioned in Vanity seems to need a change in design. 
There should never be a need for READ to have an /args option - that 
is what the path and query stuff are for.

Instead of this:
    read/args time://time.nist.gov [ GMT ]
it should be this:
    read time://time.nist.gov/gmt
Andreas
18-Jan-2013
[665]
`There should never be a need for READ to have an /args option - 
that is what the path and query stuff are for`


That's obviously problematic for systems which already make use of 
URLs including path and query components.
BrianH
18-Jan-2013
[666]
Are you talking about HTTP, the only scheme that has query and paths 
built into the URL spec standard? Because we have WRITE for that 
situation. For other schemes, we can define our own meaning of the 
query (and in some cases path) so we don't break the model.
GrahamC
18-Jan-2013
[667x3]
read time://time.nist.gov/gmt implies to me that there is such a 
url when there isn't
or that they have such a REST service when they don't
write http://www.rebol.com[ HEAD ] is not a write but a read
BrianH
18-Jan-2013
[670]
Actually, it's sending a message to that server to which it is replying, 
but let's not quibble. We have other functions to get the head if 
you prefer.
GrahamC
18-Jan-2013
[671]
I think you mentioned above that write should be used for non idempotent 
actions and read for the idempotent ones.
BrianH
18-Jan-2013
[672x2]
There are more port actions than just WRITE and READ. Don't limit 
yourself to just those two. Most of the metadata operations for HTTP-like 
schemes are handled by QUERY.
Or they would be if the scheme were fully implemented, as the http 
scheme in R3 is not.
GrahamC
18-Jan-2013
[674]
Query doesn't take arguments except the port
BrianH
18-Jan-2013
[675]
And the mode, and it can take a url! or block spec. But there are 
other url! and port! actions than just those 3.
GrahamC
18-Jan-2013
[676x2]
So, what should query do in the prot-http?
It's hard to know how things are supposed to be written when the 
only example we have is apparently incomplete
BrianH
18-Jan-2013
[678]
Agreed.
GrahamC
18-Jan-2013
[679]
So, it's up to us to decide since no one else is going to tell us
BrianH
18-Jan-2013
[680x2]
There's a lot we can tell about the intended design by looking at 
the actions and their options. The actions were pared down deliberately, 
lowering overhead and getting rid of unnecessary options. Any action 
that can operate on a port is pert of the interface of ports, and 
the same goes for URLs. Plus, we have Carl's blogs and docs on the 
subject.
And we have people who discussed the design with Carl.
Andreas
18-Jan-2013
[682]
There are far more URL schemes which have defined uses for the path/query 
components.