[Twisted-Python] Random Thinking

Moshe Zadka m at moshez.org
Wed Jul 16 06:06:12 EDT 2003


On 16 Jul 2003, Omar Kilani <ok at mailcall.com.au> wrote:

> The Perspective Broker documentation states that it's "secure". 

That means that malicious clients can't [hopefully] compromise servers,
and malicious servers can't compromise clients. That has nothing
to do with SSL. In fact, one day I intend to write a long rant
about why cryptography has little to do with security.

> How is it secure? Does it run over SSL? Can it? 

It can run over SSL, yes. listenSSL and getObjectAtSSL work
well enough for that.

> Am I able to reject connections with untrusted SSL certificates? 

You'd need to work a little bit for that. I estimate an overhead
of about 10 lines compared to what you had to do if we actually
engineered it correctly :(
[Summary: inherit from pb.Broker to do that check in connectionMade,
inherit from pb.BrokerFactory to build your inherited Broker rather
than pb.Broker]

> Am I able to trust certificates programmatically? I want to give the client
> a list of servers that are untrusted, and when the user clicks 'Trust',
> the connection is then permitted.

This is probably an issue of pyOpenSSL, because that's the underlying
layer for what Twisted uses. You will also probably want to save it
somewhere: Twisted is somewhat  on this issue. You will need to decide
where to save. Of course, files work :)

> Is it possible to multicast from server --> n*client? 

Not with PB. PB is TCP based, multicast is UDP based. Twisted does
support UDP, but you'll have to build your own layer on top of it.
Of course, you can still use jelly, which is the secure marshaller used
internally by PB. Of course, UDP is inherently insecure in that
malicious meddlers can do whatever they want to it [listen in, capture
packets, etc.] You can, of course, encrypt/sign the jellied packets
you multicast using packages like pycrypto.

> Can I call methods on the client from the server? (so that the server
> can push information to the client asynchronously.)

Yes.
You should probably convince yourself to stop saying the word "server"
or "client". There's little difference between them, except the server
gives the client an initial object reference.

> How's the stability of the GTK2 compatible Perspective Broker code in
> Twisted?

There's no relationship between GTK2 and PB. GTK2 looks to Twisted like
a reactor -- basically, something very low-level, pushing the bits.
Perspective Broker is all protocol-level code, which means it only
cares someone is pushing the bits. Of course, there are specific GUI
classes for PB-based authentication, but there is a good chance you
won't want them.
 
> Has anyone ever attempted to integrate Spread (www.spread.org) with
> Twisted and use it as the transport?

Not to my knowledge.

-- 
Moshe Zadka -- http://moshez.org/
Buffy: I don't like you hanging out with someone that... short.
Riley: Yeah, a lot of young people nowadays are experimenting with shortness.
Agile Programming Language -- http://www.python.org/
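
The "user clicks 'Trust', then save the decision in a file" flow discussed above, as an added example that is not part of the original message or of Twisted: a trust-on-first-use fingerprint store whose verdict a Broker subclass could consult in connectionMade. It assumes the peer's DER certificate bytes have already been obtained from the SSL layer; TrustStore, the file name, host and port are hypothetical, and the certificate bytes are constructed stand-ins.

```python
import hashlib
import json
import os
import tempfile

TRUSTED, UNKNOWN, CHANGED = "trusted", "unknown", "changed"

def fingerprint(cert_der):
    # SHA-256 over the DER-encoded certificate bytes
    return hashlib.sha256(cert_der).hexdigest()

class TrustStore:
    """File-backed map of 'host:port' -> pinned certificate fingerprint."""
    def __init__(self, path):
        self.path, self.pins = path, {}
        if os.path.exists(path):
            with open(path, encoding="utf-8") as fh:
                self.pins = json.load(fh)

    def check(self, host, port, cert_der):
        pinned = self.pins.get(f"{host}:{port}")
        if pinned is None:
            return UNKNOWN   # never seen: ask the user before continuing
        if pinned == fingerprint(cert_der):
            return TRUSTED
        return CHANGED       # pinned peer now presents a different certificate

    def trust(self, host, port, cert_der):
        # Record the user's 'Trust' decision and persist it atomically.
        self.pins[f"{host}:{port}"] = fingerprint(cert_der)
        directory = os.path.dirname(os.path.abspath(self.path))
        fd, tmp = tempfile.mkstemp(dir=directory)
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(self.pins, fh, indent=2, sort_keys=True)
        os.replace(tmp, self.path)  # never leaves a half-written store

def demo():
    # Constructed stand-ins for DER certificate bytes, not real certificates.
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "trusted_peers.json")
        store = TrustStore(path)
        first = store.check("pb.example.org", 8787, cert_a)
        store.trust("pb.example.org", 8787, cert_a)
        reloaded = TrustStore(path)  # simulates the next program start
        return (first,
                reloaded.check("pb.example.org", 8787, cert_a),
                reloaded.check("pb.example.org", 8787, cert_b))
```

A CHANGED verdict should drop the connection rather than silently re-prompt, since it is the case where a previously trusted peer presents a different certificate.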



