[Twisted-Python] Securing a custom protocol

Brian Granger bgranger at scu.edu
Sat Jan 7 13:02:46 EST 2006


On Jan 4, 2006, at 7:34 AM, Itamar Shtull-Trauring wrote:

> On Tue, 2005-12-27 at 09:36 -0800, Brian Granger wrote:
>> Hi,
>>
>> I have written a custom line-based protocol using twisted.  I need to
>> add authentication and encryption to my protocol and I am wondering
>> what the best route is.  Here are some options that I see:
>>
>> 1.  Use SSL for encryption and cred for user authentication
>>
>> 2.  Use SSH through conch
>>
>> As I understand it, both of these approaches can do authentication
>> and encryption of any protocol.  What are the advantages and
>> disadvantages of each?  Which is more robust and supported in
>> twisted?  Are there other approaches in twisted that I am missing?
>
> Stick to SSL (or really TLS, improved SSL). It gives you better
> interoperability (since you can support TLS more easily in other
> implementations), is easier to set up (just connectSSL or listenSSL), and
> it's what TLS was designed for.
>
> Authentication is a whole 'nother topic; you can use SSL certificates,
> or pass usernames/passwords in the protocol (look up the SRP
> authentication protocol for that if you intend to support non-encrypted
> connections). Cred just gives you twisted-side infrastructure, it
> doesn't have protocol-level support.
>

Thanks, I was hoping it was that simple.

I will definitely look into SRP for non-encrypted connections.








