nu.kanga.list.mud-dev

21106: Re: [MUD-Dev] SSL vs. SASL (was: UDP Revisted)

From: Bruce Mitchener <bruce@puremagic.com>
Newsgroups: nu.kanga.list.mud-dev
Date: Tue, 16 Oct 2001 12:06:27 -0600
Organization: Kanga.Nu

amanda@alfar.com wrote:

> For example, let's say you want to use SSL for connection setup
> and "lobby" stuff, so that you don't have to reinvent that wheel
> (and once you have an established SSL connection, can exchange a
> key for encrypting game data).  This way you can offload the SSL
> processing to a hardware SSL accelerator without investing a lot
> of time and energy into that aspect of the problem.  For this,
> TCP's the way to go--reinventing SSL over UDP would not bring you
> any benefit.


Have you looked at SASL?

From http://asg.web.cmu.edu/sasl/:

     SASL is the Simple Authentication and Security Layer, a method
     for adding authentication support to connection-based
     protocols. To use SASL, a protocol includes a command for
     identifying and authenticating a user to a server and for
     optionally negotiating protection of subsequent protocol
     interactions. If its use is negotiated, a security layer is
     inserted between the protocol and the connection.

I'm not sure if it would map well onto a UDP-based protocol (it
would depend on the semantics of that protocol), but it might be
something better suited than trying to reinvent SSL-over-UDP.

SASL is an IETF standard and is being used in some other protocols
to provide authentication facilities (like the BEEP protocol).

  - Bruce

_______________________________________________
MUD-Dev mailing list
MUD-Dev@kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev
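
An added example, not part of the original message and not code from any SASL library: a sketch of the "command for identifying and authenticating a user" from the quoted description, using the CRAM-MD5 mechanism (RFC 2195) with both sides of the exchange. The `AUTH` command, the `OK`/`NO` replies, the host name and the credential store are assumptions made for illustration; this mechanism negotiates no security layer.

```python
import base64
import hashlib
import hmac
import os

# Constructed sample credential store (assumption, for illustration only).
USERS = {"bruce": b"correct horse"}

class Server:
    """Server side of a hypothetical line protocol with an 'AUTH <mech>' command."""

    def __init__(self, users, host="mud.example"):
        self.users, self.host = users, host
        self.challenge, self.user = None, None

    def handle(self, line):
        if line == "AUTH CRAM-MD5":
            # Fresh random challenge per attempt, so a captured response is useless later.
            self.challenge = f"<{os.urandom(16).hex()}@{self.host}>".encode()
            return "+ " + base64.b64encode(self.challenge).decode()
        if line.startswith("AUTH "):
            return "NO unsupported mechanism"
        if self.challenge is None:
            return "NO no challenge pending"
        challenge, self.challenge = self.challenge, None  # each challenge is single use
        try:
            decoded = base64.b64decode(line, validate=True).decode()
        except (ValueError, UnicodeDecodeError):
            return "NO malformed response"
        user, _, digest = decoded.rpartition(" ")
        # Unknown users still go through the HMAC so both failure paths do the same work.
        secret = self.users.get(user, b"")
        expected = hmac.new(secret, challenge, hashlib.md5).hexdigest()
        same = hmac.compare_digest(expected.encode(), digest.encode())
        if user in self.users and same:
            self.user = user
            return "OK authenticated"
        return "NO authentication failed"

def client_response(user, secret, server_line):
    """Client side: prove knowledge of the secret without sending it."""
    challenge = base64.b64decode(server_line[2:])
    digest = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()

def run_exchange(user, secret):
    """Drive one complete AUTH exchange and return the server's verdict."""
    server = Server(USERS)
    challenge_line = server.handle("AUTH CRAM-MD5")
    return server.handle(client_response(user, secret, challenge_line))
```

Because the server only dispatches on the mechanism name, another SASL mechanism can be added without changing the rest of the protocol.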