From mboxrd@z Thu Jan 1 00:00:00 1970
MIME-Version: 1.0
In-Reply-To:
References: <5595227C.4090504@tfwno.gf> <6CA49D5A-AAE5-433C-AEF4-8497E774681A@9srv.net>
Date: Thu, 2 Jul 2015 09:44:43 -0700
Message-ID:
From: Skip Tavakkolian
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Re: [9fans] replace p9sk1 with something better(9front)
Topicbox-Message-UUID: 5d2d8518-ead9-11e9-9d60-3106f5b1d025

isn't it settled that keeping of secrets and exchange thereof are the
domain of factotum?

On Thu, Jul 2, 2015 at 6:14 AM, Charles Forsyth wrote:

> I hadn't looked at the "bounties" page recently. It includes
>
> "improve the tls(3) device $10 - The TLS device implements the record
> layer protocols of Transport Layer Security version 1.0 and Secure Sockets
> Layer version 3.0. It does not implement the handshake protocols, which are
> responsible for mutual authentication and key exchange. Wanted: more
> ciphers, support for user certificates, support for certificate
> verification. ECDSA! ECDHE!"
>
> I think that I'd avoid putting the negotiation and certificate stuff (as
> such) in the kernel device.
>
>
> On 2 July 2015 at 13:57, Charles Forsyth wrote:
>
>>
>> On 2 July 2015 at 13:30, Anthony Sorace wrote:
>>
>>> The p9sk1 *model* is great, and it'd be a real shame to drop it.
>>
>>
>> There always seems to be trouble setting it up, which suggests that the
>> documentation people typically first see might need revising
>> (or better pointers if it exists but people don't find it).
>>
>