[Twisted-Python] Securing a custom protocol

Brian Granger bgranger at scu.edu
Sat Jan 7 13:02:46 EST 2006

On Jan 4, 2006, at 7:34 AM, Itamar Shtull-Trauring wrote:

> On Tue, 2005-12-27 at 09:36 -0800, Brian Granger wrote:
>> Hi,
>> I have written a custom line based protocol using twisted.  I need to
>> add authentication and encryption to my protocol and I am wondering
>> what the best route is.  Here are some options that I see:
>> 1.  Use SSL for encryption and cred for user authentication
>> 2.  Use SSH through conch
>> As I understand it, both of these approaches can do authentication
>> and encryption of any protocol.  What are the advantages and
>> disadvantages or each?  Which is more robust and supported in
>> twisted?  Are there other approaches in twisted that I am missing?
> Stick to SSL (or really TLS, improved SSL). It gives you better
> interoperability (since you can support TLS more easily in other
> implementations), is easier to setup (just connectSSL or  
> listenSSL), and
> it's what TLS was designed for.
> Authentication is a whole 'nother topic; you can use SSL certificates,
> or pass usernames/passwords in the protocol (look up the SRP
> authentication protocol for that if you intend to support non- 
> encrypted
> connections). Cred just gives you twisted-side infrastructure, it
> doesn't have protocol-level support.

Thanks, I was hoping it was that simple.

I will definitely look into SRP for non-encrypted connections.

> _______________________________________________
> Twisted-Python mailing list
> Twisted-Python at twistedmatrix.com
> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

More information about the Twisted-Python mailing list