[Twisted-Python] Securing a custom protocol

Itamar Shtull-Trauring itamar at itamarst.org
Wed Jan 4 10:34:47 EST 2006


On Tue, 2005-12-27 at 09:36 -0800, Brian Granger wrote:
> Hi,
> 
> I have written a custom line based protocol using twisted.  I need to  
> add authentication and encryption to my protocol and I am wondering  
> what the best route is.  Here are some options that I see:
> 
> 1.  Use SSL for encryption and cred for user authentication
> 
> 2.  Use SSH through conch
> 
> As I understand it, both of these approaches can do authentication  
> and encryption of any protocol.  What are the advantages and  
> disadvantages of each?  Which is more robust and supported in  
> twisted?  Are there other approaches in twisted that I am missing?

Stick to SSL (or really TLS, improved SSL). It gives you better
interoperability (since you can support TLS more easily in other
implementations), is easier to set up (just connectSSL or listenSSL), and
it's what TLS was designed for.

Authentication is a whole 'nother topic; you can use SSL certificates,
or pass usernames/passwords in the protocol (look up the SRP
authentication protocol for that if you intend to support non-encrypted
connections). Cred just gives you twisted-side infrastructure, it
doesn't have protocol-level support.
