Thank you for asking. ParrotTalk implements a derivation of ELib’s[1] VATTP[2] Security protocol [3]. As such, it uses a different security model to ensure encryption, different than SSL.
The handshake is lengthy[4] but the connection is more secure with 2048-bit keys. Also, there is no use of man in the Middle by not using certificates and revocation checking.
Finally, it is well specified[5] using ASN.1 definitions of messages and there is both the Squeak/Pharo implementation and a Java implementation for cross-platform ASN.1 rendezvous, so it has basis.
I think I ought to implement a ZdcSecureParrotStream to integrate to Pharo. I was attempting to keep cross-platform, between both Pharo & Squeak along with Java. Squeak can use these ZdcStreams ?
Thank you
Sent from ProtonMail Mobile
Hi Henry.
I decided to ask this questions here.
What the advantage to use your security solution instead of legacy secure sockets which is available in the image? (implemented with ZdcSecureSocketStream)