On Fri, Jan 27, 2006 at 03:21:06PM -0800, Scott Lamb wrote:
> I've got more changes on my to-do list, but I want to ensure I'm
> making my changes against the right branch.
>
> * I'm working with trunk now. I don't think its TCP tunneling is as
> secure as the UDP tunneling. It looks like its IVs and HMACs are
> added and verified in send_udppacket and receive_udppacket. The TCP
> connection encrypts but doesn't have these anti-modification
> features. (Right?)
Correct, although modification of the TCP stream will create garbled
plaintext upon decryption, and then tinc will close the connection.
> * The 1.0-gnutls branch lets gnutls take care of encryption for the
> TCP connection. I'm confident this is secure.
It is as secure as TLS is :)
> * The 2.0 branch appears to be all reorganized but not functional
> yet. A couple recent changes.
Correct.
> * POKEY and pre4-cube are stagnant.
Correct.
> My guess is that the 1.0-gnutls branch is going to be merged into
> trunk sometime soon? Will 2.0 be using gnutls?
The 1.0-gnutls branch will not be merged with the trunk; it is not
compatible with the protocol used in tinc 1.x. It is more of a
"proof-of-concept". 2.0 will definitely be using GNUTLS.
If you want, I can create a branch for you where you have commit rights.
I can merge your changes back to the trunk once I have reviewed them.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@sliepen.eu.org>
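The difference between the two paths discussed in this thread, as an added example (not tinc code and not written by either poster): a receiver that verifies an HMAC before decrypting rejects a modified packet outright, while one that only decrypts returns altered bytes and has to notice the damage some other way. The packet layout, key names, tag length and the SHA-256 counter keystream are assumptions made for this illustration, not tinc's wire format or cipher.

```python
import hashlib
import hmac
import struct

MAC_LEN = 16  # truncated HMAC-SHA256 tag length (assumed for this example)

def _keystream(key: bytes, seqno: int, n: int) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode); not tinc's cipher."""
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + struct.pack(">IQ", seqno, block)).digest()
        block += 1
    return out[:n]

def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(enc_key: bytes, mac_key: bytes, seqno: int, payload: bytes) -> bytes:
    """Build seqno || ciphertext || tag, with the tag computed over seqno || ciphertext."""
    body = struct.pack(">I", seqno) + _xor(payload, _keystream(enc_key, seqno, len(payload)))
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()[:MAC_LEN]

def open_checked(enc_key: bytes, mac_key: bytes, packet: bytes):
    """Verify the tag first; decrypt only if it matches. Returns payload or None."""
    if len(packet) < 4 + MAC_LEN:
        return None
    body, tag = packet[:-MAC_LEN], packet[-MAC_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()[:MAC_LEN]
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return open_unchecked(enc_key, body)

def open_unchecked(enc_key: bytes, body: bytes) -> bytes:
    """Decrypt seqno || ciphertext with no integrity check at all."""
    (seqno,) = struct.unpack(">I", body[:4])
    return _xor(body[4:], _keystream(enc_key, seqno, len(body) - 4))

def corrupt(data: bytes, index: int) -> bytes:
    """Simulate in-transit modification of one byte (constructed test input)."""
    return data[:index] + bytes([data[index] ^ 0x01]) + data[index + 1:]

if __name__ == "__main__":
    ek, mk = b"e" * 32, b"m" * 32           # constructed keys
    pkt = seal(ek, mk, 7, b"hello tinc")     # constructed payload
    bad = corrupt(pkt, 6)                    # byte 6 lies inside the ciphertext
    print("checked, intact:   ", open_checked(ek, mk, pkt))
    print("checked, modified: ", open_checked(ek, mk, bad))
    print("unchecked, modified:", open_unchecked(ek, bad[:-MAC_LEN]))
```

The unchecked path raises no error on the modified packet; any detection depends on a later layer failing to parse the result.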