World: r4wp
[!REBOL3] General discussion about REBOL 3
Cyphre 18-Jan-2013 [633] | Graham, the TLS protocol scheme works transparently on tcp ports. So you just need to change the port/scheme from 'tcp to 'tls and you have the tcp connection secured. Then you can build any higher-level protocol over it. Having made the TLS scheme transparent I needed to make only a few minor changes to Gabriele's HTTP scheme to be able to support HTTPS as well. |
GrahamC 18-Jan-2013 [634x2] | How did you manage this? |
And are you going to implement SHA256 ? | |
Cyphre 18-Jan-2013 [636x2] | I simply wrote the TLS scheme :-) I've also added the necessary crypto algorithms at the native level (only RSA with ARC4 cipher suite is supported at the moment). IMO this solution gives us much better flexibility: the encryption code is native (fast) and the TLS protocol logic is in REBOL so it is possible to enhance it much more easily. |
(so for example we can later implement also the certificate handling and TLS server mode) | |
GrahamC 18-Jan-2013 [638] | Sure. Not needing large libraries is a plus |
Cyphre 18-Jan-2013 [639x2] | SHA256: yes I'd love to add it. The only problem is to get an efficient free C implementation. |
This applies also to other algorithms, so any good links are welcome | |
GrahamC 18-Jan-2013 [641x2] | So it has to be a compatible license and in plain C? |
I thought I found some before | |
Cyphre 18-Jan-2013 [643x2] | I have AES algo prepared for integration. Currently we are looking for good implementations of: SHA256, DH and 3DES |
(I guess these pieces are missing to cover TLS 1.0 cipher suite set) | |
GrahamC 18-Jan-2013 [645] | Which copyrights are incompatible? |
Robert 18-Jan-2013 [646x4] | GPL |
MIT or Apache | |
or compatible to these. | |
I think BSD can fit too. | |
Cyphre 18-Jan-2013 [650] | Once we manage to integrate the algorithms in the form of natives it's just a matter of adding the other cipher suites handling into the current TLS scheme. |
GrahamC 18-Jan-2013 [651] | compatible are GPL, MIT and Apache? |
Cyphre 18-Jan-2013 [652] | GPL? really? |
GrahamC 18-Jan-2013 [653] | That's what I was asking... Robert seems to say yes |
Cyphre 18-Jan-2013 [654x2] | I prefer BSD or public domain or custom 'free' licenses as there I'm sure no one will complain I've stolen the code. In other license cases I have no experience. |
If GPL is acceptable then things would be easier. (I've seen some nice GPL implementations) But I'm not sure GPL code can be used for encapping?? But as I said I'm usually lost in the licensing stuff ;) | |
GrahamC 18-Jan-2013 [656x2] | I'd think GPL is out |
Even Apple has a sha256 open source version out there | |
Cyphre 18-Jan-2013 [658x2] | BTW getting the TLS/HTTPS to run on Android proves that our solution is good and can be easily used in a cross-platform way. No need for any OpenSSL-like bloat anymore in R3 ;) |
I haven't searched for SHA256 yet so that is possible. I'm now looking more for the DH and 3DES... | |
Robert 18-Jan-2013 [660] | GPL not |
Cyphre 18-Jan-2013 [661] | One more note: AFAIK the current version of TLS + the encryption support increased the binary only by ~10KB which is also cool. I have no clue how much could take adding the rest of missing algorithms though. |
GrahamC 18-Jan-2013 [662] | http://www.codeguru.com/cpp/misc/misc/cryptoapi/article.php/c8195/Portable-Cryptography-API-for-Triple-DES.htm C and C++ implementations |
Cyphre 18-Jan-2013 [663] | thanks, have that one in the candidates list as well |
BrianH 18-Jan-2013 [664] | The time protocol mentioned in Vanity seems to need a change in design. There should never be a need for READ to have an /args option - that is what the path and query stuff are for. Instead of this: read/args time://time.nist.gov [ GMT ] it should be this: read time://time.nist.gov/gmt |
Andreas 18-Jan-2013 [665] | `There should never be a need for READ to have an /args option - that is what the path and query stuff are for` That's obviously problematic for systems which already make use of URLs including path and query components. |
BrianH 18-Jan-2013 [666] | Are you talking about HTTP, the only scheme that has query and paths built into the URL spec standard? Because we have WRITE for that situation. For other schemes, we can define our own meaning of the query (and in some cases path) so we don't break the model. |
GrahamC 18-Jan-2013 [667x3] | read time://time.nist.gov/gmt implies to me that there is such a url when there isn't |
or that they have such a REST service when they don't | |
write http://www.rebol.com[ HEAD ] is not a write but a read | |
BrianH 18-Jan-2013 [670] | Actually, it's sending a message to that server to which it is replying, but let's not quibble. We have other functions to get the head if you prefer. |
GrahamC 18-Jan-2013 [671] | I think you mentioned above that write should be used for non-idempotent actions and read for the idempotent ones. |
BrianH 18-Jan-2013 [672x2] | There are more port actions than just WRITE and READ. Don't limit yourself to just those two. Most of the metadata operations for HTTP-like schemes are handled by QUERY. |
Or they would be if the scheme were fully implemented, as the http scheme in R3 is not. | |
GrahamC 18-Jan-2013 [674] | Query doesn't take arguments except the port |
BrianH 18-Jan-2013 [675] | And the mode, and it can take a url! or block spec. But there are other url! and port! actions than just those 3. |
GrahamC 18-Jan-2013 [676x2] | So, what should query do in the prot-http? |
It's hard to know how things are supposed to be written when the only example we have is apparently incomplete | |
BrianH 18-Jan-2013 [678] | Agreed. |
GrahamC 18-Jan-2013 [679] | So, it's up to us to decide since no one else is going to tell us |
BrianH 18-Jan-2013 [680x2] | There's a lot we can tell about the intended design by looking at the actions and their options. The actions were pared down deliberately, lowering overhead and getting rid of unnecessary options. Any action that can operate on a port is part of the interface of ports, and the same goes for URLs. Plus, we have Carl's blogs and docs on the subject. |
And we have people who discussed the design with Carl. | |
Andreas 18-Jan-2013 [682] | There are far more URL schemes which have defined uses for the path/query components. |