isn't it settled that keeping of secrets and exchange thereof are the domain of factotum?

On Thu, Jul 2, 2015 at 6:14 AM, Charles Forsyth wrote:

> I hadn't looked at the "bounties" page recently. It includes
>
> "improve the tls(3) device $10 - The TLS device implements the record
> layer protocols of Transport Layer Security version 1.0 and Secure Sockets
> Layer version 3.0. It does not implement the handshake protocols, which are
> responsible for mutual authentication and key exchange. Wanted: more
> ciphers, support for user certificates, support for certificate
> verification. ECDSA! ECDHE!"
>
> I think that I'd avoid putting the negotiation and certificate stuff (as
> such) in the kernel device.
>
> On 2 July 2015 at 13:57, Charles Forsyth wrote:
>
>> On 2 July 2015 at 13:30, Anthony Sorace wrote:
>>
>>> The p9sk1 *model* is great, and it'd be a real shame to drop it.
>>
>> There always seems to be trouble setting it up, which suggests that the
>> documentation people typically first see might need revising
>> (or better pointers if it exists but people don't find it).