[Cryptography-dev] TLS-API update

Christopher Armstrong radix at twistedmatrix.com
Sat May 3 21:33:15 CEST 2014


I spent the last few hours going over all of the current feedback on the proposed TLS API.

The current version is here: https://github.com/radix/cryptography/pull/1/files

Major changes:

- I got rid of “negotiate” - ClientTLS.start now begins negotiation.
- This made ClientSession and ServerSession identical, so I merged them into one class, “Session”.
- A lot of error behavior has now been better described.

I specifically want to call into question the existence of the “alert” method. I think it’s too low level for the common use case, and we should just relegate TLS alerts to an implementation detail. If necessary, we can add some contract to verify_callback to make e.g. certain exceptions raised translate to TLS alerts sent to the peer. Any thoughts?

Another thing is that we need to figure out some more APIs around certificates, like what methods “Certificate” should have, and how we should allow the user to construct Certificates. (I need to spend some time looking at the new Python “pem” module.) Any input here will help.

Please leave any comments you have!


-- 
Christopher Armstrong
http://twitter.com/radix
http://wordeology.com/