[Twisted-Python] AutobahnPython 0.6.3 - WebSocket compression and more
exarkun at twistedmatrix.com
Sun Oct 6 15:26:29 MDT 2013
On 02:51 pm, tobias.oberstein at tavendo.de wrote:
>>.. , since I like compression but I also send credentials over TLS :)
>
>IMHO, credentials should never be sent over the wire (be it encrypted
>or not) and never be stored in plaintext.
>
>FWIW, Autobahn provides a challenge-response authentication scheme
>("WAMP_CRA") that also allows for salted/hashed passwords
>(pbkdf2-based) for WebSocket/WAMP.
>
>With TLS, and in a Post-Snowden era, how do you know your TLS server
>isn't impersonated and encryption broken?
>
>Personally, I assume root CA private keys of any CA vendor are owned by
>the NSA anyway.

There's no rule that says you have to use a "root CA" signed certificate
for your TLS connections.

Jean-Paul

>Really, TLS is broken.
>
>We need a new scheme. For encryption session keys, Diffie-Hellman is
>available, and provides perfect forward secrecy naturally.
>
>For authentication, we need a peer-based system like PGP has, not
>relying on centrally managed trust.
>
>I know. Not going to happen any time soon ..
>
>/Tobias
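
An added example (not part of the original messages, and not Autobahn's WAMP-CRA code): a generic salted PBKDF2 challenge-response of the kind mentioned in the quoted text, showing that only a nonce and an HMAC signature cross the wire. The message layout, the class and function names, and the iteration count are assumptions.

```python
import base64, hashlib, hmac, json, secrets

def derive_key(password, salt, iterations, keylen=32):
    """Salted PBKDF2-HMAC-SHA256 key; the server stores this, never the password."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, keylen)
    return base64.b64encode(raw)

def sign(key, challenge):
    """HMAC-SHA256 over the challenge text, base64-encoded."""
    mac = hmac.new(key, challenge.encode(), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()

class Server:  # hypothetical server side, for illustration only
    def __init__(self):
        self.users = {}    # authid -> (salt, iterations, derived key)
        self.pending = {}  # authid -> outstanding challenge text

    def register(self, authid, password, iterations=10000):  # sample count
        salt = secrets.token_bytes(16)
        key = derive_key(password, salt, iterations)
        self.users[authid] = (salt, iterations, key)

    def challenge(self, authid):
        salt, iterations, _ = self.users[authid]
        # A fresh random nonce makes every challenge unique.
        text = json.dumps({"authid": authid, "nonce": secrets.token_hex(16)})
        self.pending[authid] = text
        return {"challenge": text, "salt": salt.hex(), "iterations": iterations}

    def verify(self, authid, signature):
        # pop() makes each challenge single-use, so a captured response
        # cannot be replayed.
        text = self.pending.pop(authid, None)
        if text is None:
            return False
        expected = sign(self.users[authid][2], text)
        return hmac.compare_digest(expected, signature)

def client_respond(password, ch):
    """Client side: re-derive the key from salt and iterations, sign the challenge."""
    key = derive_key(password, bytes.fromhex(ch["salt"]), ch["iterations"])
    return sign(key, ch["challenge"])

if __name__ == "__main__":
    server = Server()
    server.register("alice", "constructed-sample-password")
    ch = server.challenge("alice")
    print(server.verify("alice", client_respond("constructed-sample-password", ch)))
```

The stored derived key is what signs the challenge, so it has to be protected like a password on the server; salting and stretching only slow recovery of the original password from a stolen store.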