sockets and encryption

Paul Nilsson p.nilsson at xtra.co.nz
Mon Nov 25 04:09:26 EST 2002


On Sun, 24 Nov 2002 19:52:06 -0800 (PST), an infinite amount of
monkeys hijacked the computer of Dave Brueck
<dave at pythonapocrypha.com> and wrote:

>Not necessarily - you can create your own certificate authority and have 
>it issue a certificate for you. On the client side there's a one-line API 
>call to allow certificates from non-authoritative sources.

Hmmm, but the software I'm creating will allow multiple clients and
servers, the servers would have no interaction with each other and
therefore no certificate authority. I suppose I could make every
server into an authority; however, this is probably no easier than
throwing the code together with pycrypto.

>Not sure what you mean here - it's just a stream of bytes so there's no 
>concept of ASCII or non-ASCII.

The only context I've heard SSL used in (although I'm sure it's used
in a lot of other cases) is people transferring *ML code across the
internet. Since HTML is ASCII and XML is Unicode I thought this may put
some limitations on what raw data could be sent. I had suspected that
SSL incorporated a Unicode layer which could cause problems if I
wanted to send raw bytes (or I would have to convert them to CDATA).

>Yup. You have complete flexibility to do whatever suits you best, but 
>obviously you'll have to do at least a _tiny_ bit more work to add in 
>security - in this case it's mostly just setup work.
>
>I've been using M2Crypto and have found that it works pretty well for my 
>needs. I spent about half an hour reading through the docs and setting up, 
>and another half hour taking apart one of the examples and wrapping the 
>weird stuff in a module so I don't have to think about it anymore. A one 
>hour investment for basic SSL support is IMO terrific! :)

It sure isn't the clearest module I've used, however it sure beats
doing the work myself :)

Cheers, Paul
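
Added example, not part of the original message or of M2Crypto: for the case described above (many independent servers, each with a self-signed certificate and no shared CA), one way a client can still authenticate a server is to pin the SHA-256 fingerprint of its certificate on first contact and reject any later change. It uses Python's standard ssl module instead of M2Crypto; the names check_pin and connect_pinned, the host:port key format and the sample certificate bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, hex encoded."""
    return hashlib.sha256(der_cert).hexdigest()


def check_pin(pins: dict, server: str, der_cert: bytes) -> str:
    """Trust-on-first-use check of a server certificate against a pin store.

    Returns "new" when the server was unknown and has now been pinned,
    "match" when the certificate equals the stored pin, and raises
    ssl.SSLError when a known server presents a different certificate.
    """
    if not der_cert:
        raise ssl.SSLError("server presented no certificate")
    seen = fingerprint(der_cert)
    pinned = pins.get(server)
    if pinned is None:
        pins[server] = seen
        return "new"
    if not hmac.compare_digest(pinned, seen):
        raise ssl.SSLError(f"certificate for {server} changed: {seen}")
    return "match"


def connect_pinned(host: str, port: int, pins: dict) -> ssl.SSLSocket:
    """Open a TLS socket to a self-signed server and enforce its pin."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # no CA chain to validate against, so
    ctx.verify_mode = ssl.CERT_NONE  # the pin check is the only authentication
    tls = ctx.wrap_socket(socket.create_connection((host, port), timeout=10))
    try:
        check_pin(pins, f"{host}:{port}", tls.getpeercert(binary_form=True))
    except ssl.SSLError:
        tls.close()
        raise
    return tls  # a plain byte stream: tls.sendall(b"\x00\xff\x80") is fine


if __name__ == "__main__":
    store = {}                           # in practice, persisted per client
    cert = b"constructed stand-in for DER certificate bytes"
    print(check_pin(store, "server-a:4433", cert))   # first contact
    print(check_pin(store, "server-a:4433", cert))   # same certificate again
```

The pin store has to be persisted between runs, and the first connection to each server is only as trustworthy as the network it is made over.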


