[114423] in cryptography@c2.net mail archive


Re: Gutmann Soundwave Therapy

daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Fri Feb 1 09:27:39 2008

To: "James A. Donald" <jamesd@echeque.com>
Cc: Cryptography <cryptography@metzdowd.com>
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 01 Feb 2008 09:26:09 -0500
In-Reply-To: <47A2DB5B.4050108@echeque.com> (James A. Donald's message of "Fri\, 01 Feb 2008 18\:42\:03 +1000")


"James A. Donald" <jamesd@echeque.com> writes:
>> When tinc 2.0 will ever come out (unfortunately I don't have a lot of
>> time to work on it these days), it will probably use the GnuTLS library
>> and authenticate and connect daemons with TLS. For performance reasons,
>> you want to tunnel network packets via UDP instead of TCP, so hopefully
>> there is a working DTLS implementation as well then.
>
> I have been considering the problem of encrypted channels over UDP or
> IP.  TLS will not work for this, since it assumes and provides a
> reliable, and therefore non timely channel, whereas what one wishes to
> provide is a channel where timeliness may be required at the expense
> of reliability.

DTLS does not assume a reliable channel -- it is designed for
applications that use UDP. Perhaps you are not familiar with it.

> I have figured out a solution, which I may post here if you are interested.

With respect, James, I think they'd be better off using DTLS. It was
designed by experts and it shares the same security properties as TLS.


-- 
Perry E. Metzger		perry@piermont.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
