sockets and encryption

[Dave Brueck]

On Sun, 24 Nov 2002, Paul Nilsson wrote:

> On Wed, 20 Nov 2002 16:49:27 -0500, an infinite amount of monkeys
> hijacked the computer of Michael Stenner <mstenner at phy.duke.edu> and
> wrote:
> 
> 
> >Would SSL work for you?  That's basically made to do exactly what you
> >describe, no?
> 
> Doesn't ssl involve getting a certificate?

Not necessarily - you can create your own certificate authority and have 
it issue a certificate for you. On the client side there's a one-line API 
call to allow certificates from non-authoritative sources.

> I'm also not sure of other restraints that may be present, such as non
> ascii data.

Not sure what you mean here - it's just a stream of bytes so there's no 
concept of ASCII or non-ASCII.

> I'd rather just open a socket and push a raw bytestream
> without having to conform to a standard :)

Yup. You have complete flexibility to do whatever suits you best, but 
obviously you'll have to do at least a _tiny_ bit more work to add in 
security - in this case it's mostly just setup work.

I've been using M2Crypto and have found that it works pretty well for my 
needs. I spent about half an hour reading through the docs and setting up, 
and another half hour taking a part one of the examples and wrapping the 
weird stuff in a module so I don't have to think about it anymore. A one 
hour investment for basic SSL support is IMO terrific! :)

-Dave