From mboxrd@z Thu Jan 1 00:00:00 1970
MIME-Version: 1.0
In-Reply-To: <7cce8a1dde0616a1f6c3960ed928f0e0@felloff.net>
References: <7cce8a1dde0616a1f6c3960ed928f0e0@felloff.net>
Date: Tue, 29 Dec 2015 18:34:49 +0000
Message-ID:
From: Charles Forsyth
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Content-Type: text/plain; charset=UTF-8
Subject: Re: [9fans] using tls-psk cipher suits vs roll our own handshake
Topicbox-Message-UUID: 7b2e4cbe-ead9-11e9-9d60-3106f5b1d025

On 25 December 2015 at 03:03, <cinap_lenrek@felloff.net> wrote:

> the functionality that is desired is to be able to "negotiate" the
> cipher suites and record layer protocol versions.

I could never work up much enthusiasm for TLS because it is needlessly big and complex, but still got important things wrong. I never saw the advantage of TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA as opposed to exchanging a few bits of text, allowing easy extension of the protocol to the occasional new protocol.

The main reason for using it for 9P would be to make it easier to communicate with 9P services running on other platforms, but my experience with Java was that in the end, the service provider factories couldn't make anything I wanted to use. In particular, I couldn't replace the dreadful CA-oriented x.509 certificates and asn.1 by something else. Anything, really. I also wasn't given planning permission to build my own factory. You get all the bugs, though.