c++ - RFC/advice: On secure/unsecure RPC/event-stream protocol design


SSL seems quite bloated for what I want to do, and I have a passionate hatred of OpenSSL (NSS might be useable). I need to open a TCP channel between 2 nodes that will be used for RPC / encrypted RPC / event streams / encrypted event streams. I am using protocol buffers to define and multiplex the different traffic sources.

I don't want to use SSL to start with. I need authenticated secure key-establishment (authenticated Diffie-Hellman), and perhaps a block-cipher based stream object to encipher and decipher the encrypted event streams and encrypted RPC.

The first thought I had was to save coding time and design time by building on an SSL implementation, provided I can get the socket handle from the SSL implementation and use it for unencrypted exchanges as well as encrypted exchanges. I would end up with an ugly implementation, and I know that doing this might be incompatible with the SSL protocol (i.e., strong coupling between TCP state and SSL state).

The second thought I had was to save coding time and design time by opening multiple sockets. I know multi-socket protocol design is evil.

The third thought was, I'll encrypt everything; the service in question serves in the capacity of a high performance event switch, and has a database server running on the same machine as well. The overhead of this approach doesn't satisfy me, as the majority of the traffic is cleartext.

So, these approaches don't seem satisfactory to me. Therefore, I have come to the conclusion that using cryptopp and boost::asio I can roll my own solution and construct my own protocol (which I have to do). I am a pretty capable systems programmer, and have an engineer's understanding of applying encryption techniques.

I reuse, and in this case I wish to reuse SSL, but I don't think I can. Any advice you can give me from experience in similar situations (you must have designed or worked on a network protocol) is appreciated. The advice that makes the biggest impression on me gets the tick. :D

P.S., the application needs to perform exotic encryption, so I am pulling in cryptopp anyway.

You can re-use SSL - there is no untoward coupling to TCP state. You can use SSL on any underlying stream you like; the dependency is that it must be two-way.

The simplest way is to use an SSL library that allows you to provide your own send/receive functions, which are called by the SSL library when it has encrypted-side data to send or receive. You implement these functions by wrapping the SSL data within special frames within your own underlying protocol.

(I am familiar with how to do this with the OpenSSL library - the SSL_set_bio() function - but I am sure other SSL implementations allow similar.)

Note though that the computation overhead of the key-agreement part of the protocol - whether it is done through SSL or roll-your-own - will far outweigh the actual block cipher encryption/decryption, so "encrypt everything" may not be as much of a loss as you expect.
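
As an added example (not part of the original question or answer), here is a sketch of the framing layer such a design needs: TLS bytes and cleartext traffic share one TCP stream, each wrapped in a length-prefixed frame tagged with a channel id. The frame layout, the channel ids, the 1 MiB limit and the names `encode_frame` and `Demux` are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <stdexcept>
#include <string>

// Hypothetical frame layout (not from the original post):
//   1 byte channel id | 4 byte big-endian payload length | payload
enum Channel : uint8_t { CH_CLEAR_RPC = 0, CH_CLEAR_EVENTS = 1, CH_TLS = 2 };
constexpr size_t kHeader = 5;
constexpr uint32_t kMaxPayload = 1u << 20;  // bound memory a peer can make us buffer

// A custom "send" function given to the TLS library would call this with the
// encrypted bytes it wants written (CH_TLS); cleartext traffic uses the same
// framing under its own channel ids.
std::string encode_frame(Channel ch, const std::string& payload) {
    if (payload.size() > kMaxPayload) throw std::length_error("payload too large");
    uint32_t n = static_cast<uint32_t>(payload.size());
    std::string out;
    out.push_back(static_cast<char>(ch));
    for (int shift = 24; shift >= 0; shift -= 8)
        out.push_back(static_cast<char>((n >> shift) & 0xff));
    return out + payload;
}

// Reassembles frames from arbitrary TCP read chunks and queues payload bytes
// per channel. The TLS library's "receive" function would drain
// pending[CH_TLS]; cleartext RPC/event handlers drain the other queues.
class Demux {
public:
    std::map<uint8_t, std::string> pending;

    void feed(const std::string& chunk) {
        buf_ += chunk;
        while (buf_.size() >= kHeader) {
            uint8_t ch = static_cast<uint8_t>(buf_[0]);
            uint32_t n = 0;
            for (size_t i = 1; i < kHeader; ++i)
                n = (n << 8) | static_cast<uint8_t>(buf_[i]);
            // Validate the header before waiting for (or buffering) the body.
            if (ch > CH_TLS) throw std::runtime_error("unknown channel");
            if (n > kMaxPayload) throw std::runtime_error("frame too large");
            if (buf_.size() - kHeader < n) break;  // partial frame: wait for more
            pending[ch].append(buf_, kHeader, n);
            buf_.erase(0, kHeader + n);
        }
    }
    size_t buffered() const { return buf_.size(); }

private:
    std::string buf_;
};
```

Frame headers on the cleartext channels are unauthenticated, so the receiver should treat channel ids and lengths as untrusted input, which is why both are checked before any payload is queued.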

