Re: [Monotone-devel] netsync transport encryption?

[Brian May]

>>>>> "Timothy" == Timothy Brownawell <Timothy> writes:

    Timothy> IIRC part of the problem is that (many/most) ssl
    Timothy> libraries supposedly tend to not get along well with
    Timothy> async sockets, and then there's also the "just use vpn or
    Timothy> a LD_PRELOADed encryption library" argument. So it'd
    Timothy> probably be more of a pain to implement (and maintain)
    Timothy> than to use external tools to provide.

There are various limitations to the work arounds suggested so far:

VPN - extra overhead and installation can be clumsy.

ssh - not everyone wants ssh - there have been serious security issues
with ssh in the past (including security holes that allow obtaining
root access). Also note that it isn't hard to "break-out" of a chroot
or damage other parts of the system even inside a chroot. Also might
be an issue also if you want to sync between windows computers.

LD_PRELOAD - does such a library exist? In any case, might be a
problem on Windows.

So I think built in encryption would be a good thing.
-- 
Brian May <address@hidden>