Re: [Monotone-devel] netsync transport encryption?

[Timothy Brownawell]

On Wed, 2006-10-25 at 10:36 +1000, Brian May wrote:
> >>>>> "Timothy" == Timothy Brownawell <Timothy> writes:
> 
>     Timothy> IIRC part of the problem is that (many/most) ssl
>     Timothy> libraries supposedly tend to not get along well with
>     Timothy> async sockets, and then there's also the "just use vpn or
>     Timothy> a LD_PRELOADed encryption library" argument. So it'd
>     Timothy> probably be more of a pain to implement (and maintain)
>     Timothy> than to use external tools to provide.
> 
> There are various limitations to the work arounds suggested so far:
> 
> VPN - extra overhead and installation can be clumsy.

Yeah, but if your code is secret enough that you're worried about people
using packet sniffing to get at deltas (not even complete files), then
you probably already *have* a VPN set up to redirect everything you do
through the corporate firewall anyway...

> So I think built in encryption would be a good thing.

Yes, not everyone will (easily) be able to use those alternatives. But
AIUI it'd also be a horrible pain to implement, so instead people are
working on things that are more requested and/or easier to do. If
someone happened across an easy way to build in encryption, I'm sure
we'd start using it pretty readily.

-- 
Timothy

Free (experimental) public monotone hosting: http://mtn-host.prjek.net