Let's do a GNU TSL

Nikos Mavroyanopoulos nmav@hellug.gr
Thu, 24 Feb 2000 20:08:23 +0200


On Thu, Feb 24, 2000 at 05:28:55PM +0100, Werner Koch wrote:


> > To implement this we need an hmac implementation (I've already done one
> > for libmhash so it is no problem to make that again)
> I also did one which is still in this gsti library used as libgcrypt
> testbed but it will be moved to libgcrypt.

OK.

> > Also a pseudorandom function is needed in order to compute keys (the PRF in
> > the standard).
> Why a pseudorandom function - predictable keys are used in SSL? I
> can't believe it. libgcrypt has a CSPRNG.

No, the pseudorandom function here (I think the name is not a good choice) just expands a secret (key). (Just like the s2k algorithms in OpenPGP.)

> > Maybe we'll also need a compression algorithm (the standard does not specify any),
> > and rc4 (so arcfour), rc2, des, 3des, and idea implementations.
> Are these all MUST algorithms? If they are SHOULD we don't need
> to implement rc2 and idea because they are patent encumbered.

No, they are not must algorithms. The only must algorithm is 3des. However, I do not think rc2 is patented, since RFC 2268 describes rc2 and does not mention anything about patents. RC4 is used in almost all SSL implementations, so I think it is a good thing to have it.

> Nikos, can we take this to the new mailing list?

I thought I'd sent that to the mailing list; I've just forwarded it!

> Werner
-- Nikos Mavroyanopoulos mailto:nmav@hellug.gr