ewx: (Default)

(no subject)

posted by [personal profile] ewx at 03:05pm on 03/11/2024
Very nice.

> Both sides generate a TLS key and exchange self-signed certs over the ssh pipe between them
> We use those certs to set up a QUIC session between the two

Is there a reason for the heavyweight handoff to QUIC? (i.e. as opposed to using the SSH session to provide shared keying material directly to both endpoints.)
[parent entry] [link] [reply]
crazyscot: Selfie, with C, in front of an alpine lake (Default)

(no subject)

posted by [personal profile] crazyscot at 06:59am on 04/11/2024
Speed of development? :-)

Seriously, I was cobbling stuff together to improve my life. I've already had a useful couple of suggestions from randoms I don't know; I am half expecting to overhaul things pretty thoroughly in time.

QUIC implies TLS (unless I've missed something). Do you mean TLS-PSK or something else? Unfortunately, it seems that rustls doesn't support TLS-PSK at present. I'm not readily sure how quinn (the Rust QUIC implementation) would deal with it either.
[link] [parent] [reply]
ewx: (Default)

(no subject)

posted by [personal profile] ewx at 08:52am on 04/11/2024
Yes, exactly. You're in the "the parties already have a mechanism for setting up a shared secret key, and that mechanism could be used to “bootstrap” a key for authenticating a TLS connection" situation in https://en.wikipedia.org/wiki/TLS-PSK.
[link] [parent] [reply]

November

SunMonTueWedThuFriSat
          1
 
 2
 
3
1
 4
 
 5
 
 6
 
 7
 
 8
 
 9
 
10
 
 11
 
 12
 
 13
 
 14
 
 15
 
 16
 
17
 
 18
 
 19
 
 20
 
 21
 
 22
 
 23
 
24
 
 25
 
 26
 
 27
 
 28
 
 29
 
 30