On Mon, Apr 04, 2005 at 03:22:04PM +0200, Mathieu GIANNECCHINI wrote:
> I'm studying the very interesting tinc's capabilities, especially
with
> the "full mesh networking" approach which is a great feature.
>
> But I wonder about the project activity. I'm very interested with the
> 2.0 wishlist (certificate based authorisation and TLS integration) and I
> would like to know if TINC's development is already active.
At the moment it is not very active. I still have to find some time to
prepare a 1.0.4 release which will include a fix for the switch and hub
modes which broke in 1.0.3. As for 2.0, some code has already been
written, but it is nowhere near being functional yet. It's a complete
rewrite. If you want cert based authentication, have a look at the
1.0-gnutls branch:
http://www.tinc-vpn.org/svn/tinc/branches/1.0-gnutls/
It's a working branch of 1.0.2 which uses GNUTLS and GCrypt instead of
OpenSSL, and also really does authentication via TLS. It might need some
work to properly handle certificate chains, revocation and such though.
As for cert based authorisation: X.509 is really not suited for that,
and even OpenPGP is more about authentication than authorisation. If you
have any ideas about it please let me hear!
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@sliepen.eu.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url :
http://brouwer.uvt.nl/pipermail/tinc-devel/attachments/20050406/e5554957/attachment.pgp