[dcc2] Negotiation draft: Encryption + compression

Dan Smith dan at algenta.com
Thu Apr 29 20:09:45 EDT 2004


As for encryption and compression, these are handled in the negotiation and 
the transport doesn't (shouldn't) have an effect on our multi-file, single 
file, or chat protocols.  The draft currently doesn't mention compression, 
we can add a Compression= token, and investigate a way to allow dcc2 
connections to use an optional streaming compression.  Suggestions on the 
compression to use?  Please remember that it must be usable as a stream, as 
dcc2 sends (currently) rely on exact file sizes to be specified.

Important Reminder:
===================
Also, an important note to remember.  DCC2 negotiation can be added to a 
client without adding any additional features or dependencies (besides dcc2 
negotiation parsing of course).   The "negotiation" allows the clients to 
agree on a most common set of features to use.

A user can specify to only dcc2 chat with an encrypted connection, and if 
the other client doesn't support it, the user will be told she cannot use 
a secure connection.

This is the strength of DCC2, the feature negotiation process.

About encryption:
=================
Riley told me a story the other week about a pgp signing party at UIUC 
where people looked at each other's driver's licenses and then signed each 
other's keys.

SSL/TLS will be in the draft, and client authors and users can determine 
how certificates are bought/generated/obtained.  Certificates have 
fingerprints, and those can be checked by the client/security conscious 
user.  Security is hard, but Certificate Authorities are the "best we have" 
without shared known keys.  Who says a client author can't be a CA for 
their own client too?  As long as there is a trust of the signer, or trust 
in the fingerprint, ssl/tls should be "ok".

There can be more encryption options listed in our protocol, blowfish has 
been suggested.  My only concern is feature creep, I know many authors will 
not implement 10 types of encrypted transfer (same fear for 
compression).  Let's decide on at most one or two besides SSL/TLS to be 
listed in the initial version of the negotiation draft, and specify how 
they will be implemented.

Cheers!
Dan

---------------------------
Dan Smith
+1 608-213-2867
Algenta Technologies, LLC
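
The negotiation behaviour described in the message above (agree on a common feature set, and refuse rather than downgrade when the user requires encryption), as an added example that is not part of the original post or the dcc2 draft. The `Key=value,value` token syntax, the `Encryption` token name and the `zlib` value are assumptions; only `Compression=` is named in the post.

```python
# Added example. Only "Compression=" is named in the post; the token syntax,
# the "Encryption" key and the "zlib" value are assumptions for illustration.

class NegotiationError(Exception):
    """Raised when a locally required feature cannot be agreed on."""

def parse_offer(line):
    """Parse 'Key=a,b Key2=c' into {key: [values in the sender's order]}."""
    offer = {}
    for token in line.split():
        key, sep, values = token.partition("=")
        if not sep or not key:
            raise ValueError(f"malformed token: {token!r}")
        offer[key] = [v for v in values.split(",") if v]
    return offer

def negotiate(local, remote_line, required=()):
    """Pick, per feature, the first local preference the peer also offers.

    A feature the peer never mentions resolves to 'none' (old client).
    Features in `required` must resolve to something other than 'none';
    otherwise negotiation fails closed instead of silently downgrading.
    """
    remote = parse_offer(remote_line)
    agreed = {}
    for feature, prefs in local.items():
        offered = remote.get(feature, [])
        choice = next((p for p in prefs if p in offered), "none")
        if feature in required and choice == "none":
            raise NegotiationError(f"peer does not support required {feature}")
        agreed[feature] = choice
    return agreed

# Constructed sample data, not taken from any real client.
LOCAL = {"Encryption": ["tls", "blowfish", "none"], "Compression": ["zlib", "none"]}
MODERN_PEER = "Encryption=blowfish,tls Compression=zlib,none"
LEGACY_PEER = "Compression=none"  # peer that only parses the negotiation

if __name__ == "__main__":
    print(negotiate(LOCAL, MODERN_PEER, required={"Encryption"}))
    print(negotiate(LOCAL, LEGACY_PEER))
    try:
        negotiate(LOCAL, LEGACY_PEER, required={"Encryption"})
    except NegotiationError as err:
        print("refused:", err)
```

The `required` check runs on the agreed result, so a peer offer with the encryption token missing or set to `none` is refused the same way as a peer that never supported it.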


