Thank you for asking. ParrotTalk implements a derivation of ELib’s[1] VATTP[2] Security protocol [3]. As such, it uses a different security model to ensure encryption, different than SSL. 

The handshake is lengthy[4] but the connection is more secure with 2048-bit keys. Also, there is no use of man in the Middle by not using certificates and revocation checking. 

Finally, it is well specified[5] using ASN.1 definitions of messages and there is both the Squeak/Pharo implementation and a Java implementation for cross-platform ASN.1 rendezvous, so it has basis.

I think I ought to implement a ZdcSecureParrotStream to integrate to Pharo. I was attempting to keep cross-platform, between both Pharo & Squeak along with Java. Squeak can use these ZdcStreams ?

Thank you

[1] - http://erights.org/elib/index.html
[2] - http://erights.org/elib/distrib/vattp/index.html
[3] - http://erights.org/elib/distrib/vattp/DataComm_startup.html
[4] - http://jmp.sh/OqlYpyg
[5] - http://jmp.sh/VRejS2g


Sent from ProtonMail Mobile


On Fri, Nov 17, 2017 at 09:41, Denis Kudriashov <dionisiydk@gmail.com> wrote:
Hi Henry.
I decided to ask this questions here.

What the advantage to use your security solution instead of legacy secure sockets which is available in the image? (implemented with ZdcSecureSocketStream)

2017-10-24 18:33 GMT+02:00 henry <henry@callistohouse.club>:
Hi all,

I am happy to announce the release of version 3.5 of ParrotTalk, for Squeak and Pharo, found here:


It follows this specification:

One item of note, in version 3.5, the system connecting to a server, sending the IWant msg, must know the vatId of the system being connected to. I am considering changing this to version 3.6 by removing one round-trip in messaging. Therefore, these messages would be combined: IWant/GiveInfo, IAm/ReplyInfo. I will keep ProtocolOffered and ProtocolAccepted to allow eLindaSession to support both versions: 3.5 and 3.6.

Thoughts please?

- HH