Hi all,
I am happy to announce the release of version 3.5 of ParrotTalk, for Squeak and Pharo, found here:
http://www.squeaksource.com/Cryptography/ParrotTalk-zzz.2.mcz
It follows this specification: https://github.com/ZiroZimbarra/callistohouse/blob/master/docs/ParrotTalkFra...
One item of note, in version 3.5, the system connecting to a server, sending the IWant msg, must know the vatId of the system being connected to. I am considering changing this to version 3.6 by removing one round-trip in messaging. Therefore, these messages would be combined: IWant/GiveInfo, IAm/ReplyInfo. I will keep ProtocolOffered and ProtocolAccepted to allow eLindaSession to support both versions: 3.5 and 3.6.
Thoughts please?
- HH
Hi Henry. I decided to ask this questions here.
What the advantage to use your security solution instead of legacy secure sockets which is available in the image? (implemented with ZdcSecureSocketStream)
2017-10-24 18:33 GMT+02:00 henry henry@callistohouse.club:
Hi all,
I am happy to announce the release of version 3.5 of ParrotTalk, for Squeak and Pharo, found here:
http://www.squeaksource.com/Cryptography/ParrotTalk-zzz.2.mcz
It follows this specification: https://github.com/ZiroZimbarra/callistohouse/blob/master/docs/ ParrotTalkFrameDesign-3.5.pdf
One item of note, in version 3.5, the system connecting to a server, sending the IWant msg, must know the vatId of the system being connected to. I am considering changing this to version 3.6 by removing one round-trip in messaging. Therefore, these messages would be combined: IWant/GiveInfo, IAm/ReplyInfo. I will keep ProtocolOffered and ProtocolAccepted to allow eLindaSession to support both versions: 3.5 and 3.6.
Thoughts please?
- HH
Thank you for asking. ParrotTalk implements a derivation of ELib’s[1] VATTP[2] Security protocol [3]. As such, it uses a different security model to ensure encryption, different than SSL.
The handshake is lengthy[4] but the connection is more secure with 2048-bit keys. Also, there is no use of man in the Middle by not using certificates and revocation checking.
Finally, it is well specified[5] using ASN.1 definitions of messages and there is both the Squeak/Pharo implementation and a Java implementation for cross-platform ASN.1 rendezvous, so it has basis.
I think I ought to implement a ZdcSecureParrotStream to integrate to Pharo. I was attempting to keep cross-platform, between both Pharo & Squeak along with Java. Squeak can use these ZdcStreams ?
Thank you
[1] - http://erights.org/elib/index.html [2] - http://erights.org/elib/distrib/vattp/index.html [3] - http://erights.org/elib/distrib/vattp/DataComm_startup.html [4] - http://jmp.sh/OqlYpyg [5] - http://jmp.sh/VRejS2g
Sent from ProtonMail Mobile
On Fri, Nov 17, 2017 at 09:41, Denis Kudriashov dionisiydk@gmail.com wrote:
Hi Henry. I decided to ask this questions here.
What the advantage to use your security solution instead of legacy secure sockets which is available in the image? (implemented with ZdcSecureSocketStream)
2017-10-24 18:33 GMT+02:00 henry henry@callistohouse.club:
Hi all,
I am happy to announce the release of version 3.5 of ParrotTalk, for Squeak and Pharo, found here:
http://www.squeaksource.com/Cryptography/ParrotTalk-zzz.2.mcz
It follows this specification: https://github.com/ZiroZimbarra/callistohouse/blob/master/docs/ParrotTalkFra...
One item of note, in version 3.5, the system connecting to a server, sending the IWant msg, must know the vatId of the system being connected to. I am considering changing this to version 3.6 by removing one round-trip in messaging. Therefore, these messages would be combined: IWant/GiveInfo, IAm/ReplyInfo. I will keep ProtocolOffered and ProtocolAccepted to allow eLindaSession to support both versions: 3.5 and 3.6.
Thoughts please?
- HH
On 17 Nov 2017, at 16:00, henry henry@callistohouse.club wrote:
Thank you for asking. ParrotTalk implements a derivation of ELib’s[1] VATTP[2] Security protocol [3]. As such, it uses a different security model to ensure encryption, different than SSL.
The handshake is lengthy[4] but the connection is more secure with 2048-bit keys. Also, there is no use of man in the Middle by not using certificates and revocation checking.
Finally, it is well specified[5] using ASN.1 definitions of messages and there is both the Squeak/Pharo implementation and a Java implementation for cross-platform ASN.1 rendezvous, so it has basis.
I think I ought to implement a ZdcSecureParrotStream to integrate to Pharo.
Yes, that should be doable. Study the relationship between ZdcSecureSocketStream and ZdcPluginSSLSession. Apart from setup and bookkeeping, the key methods are #encrypt:from:to:into and #decrypt:from:to:into: SSL adds client side #connect and server side #accept
I was attempting to keep cross-platform, between both Pharo & Squeak along with Java. Squeak can use these ZdcStreams ?
These were not written with cross platform portability as a goal.
Thank you
[1] - http://erights.org/elib/index.html [2] - http://erights.org/elib/distrib/vattp/index.html [3] - http://erights.org/elib/distrib/vattp/DataComm_startup.html [4] - http://jmp.sh/OqlYpyg [5] - http://jmp.sh/VRejS2g
Sent from ProtonMail Mobile
On Fri, Nov 17, 2017 at 09:41, Denis Kudriashov dionisiydk@gmail.com wrote:
Hi Henry. I decided to ask this questions here.
What the advantage to use your security solution instead of legacy secure sockets which is available in the image? (implemented with ZdcSecureSocketStream)
2017-10-24 18:33 GMT+02:00 henry henry@callistohouse.club: Hi all,
I am happy to announce the release of version 3.5 of ParrotTalk, for Squeak and Pharo, found here:
http://www.squeaksource.com/Cryptography/ParrotTalk-zzz.2.mcz
It follows this specification: https://github.com/ZiroZimbarra/callistohouse/blob/master/docs/ParrotTalkFra...
One item of note, in version 3.5, the system connecting to a server, sending the IWant msg, must know the vatId of the system being connected to. I am considering changing this to version 3.6 by removing one round-trip in messaging. Therefore, these messages would be combined: IWant/GiveInfo, IAm/ReplyInfo. I will keep ProtocolOffered and ProtocolAccepted to allow eLindaSession to support both versions: 3.5 and 3.6.
Thoughts please?
- HH
-- Sven Van Caekenberghe - mailto:sven@beta9.be Beta Nine - software engineering - http://www.beta9.be
Thank you for the orientation in the Zdc code, Sven. You state that cross-platform portability was not a goal. Shouldn't it be? Couldn't it be? Wouldn't it be? It would be awefully good to bring Squeak along into the Cloud. Just saying.
- HH
-------- Original Message -------- Subject: Re: [squeak-dev] [ANNOUNCE] ParrotTalk release/design change considerations Local Time: November 17, 2017 10:14 AM UTC Time: November 17, 2017 3:14 PM From: sven@betanine.be To: henry henry@callistohouse.club, The general-purpose Squeak developers list squeak-dev@lists.squeakfoundation.org Denis Kudriashov dionisiydk@gmail.com
On 17 Nov 2017, at 16:00, henry henry@callistohouse.club wrote: Thank you for asking. ParrotTalk implements a derivation of ELib’s[1] VATTP[2] Security protocol [3]. As such, it uses a different security model to ensure encryption, different than SSL. The handshake is lengthy[4] but the connection is more secure with 2048-bit keys. Also, there is no use of man in the Middle by not using certificates and revocation checking. Finally, it is well specified[5] using ASN.1 definitions of messages and there is both the Squeak/Pharo implementation and a Java implementation for cross-platform ASN.1 rendezvous, so it has basis. I think I ought to implement a ZdcSecureParrotStream to integrate to Pharo.
Yes, that should be doable. Study the relationship between ZdcSecureSocketStream and ZdcPluginSSLSession. Apart from setup and bookkeeping, the key methods are #encrypt:from:to:into and #decrypt:from:to:into: SSL adds client side #connect and server side #accept
I was attempting to keep cross-platform, between both Pharo & Squeak along with Java. Squeak can use these ZdcStreams ?
These were not written with cross platform portability as a goal.
Thank you [1] - http://erights.org/elib/index.html [2] - http://erights.org/elib/distrib/vattp/index.html [3] - http://erights.org/elib/distrib/vattp/DataComm_startup.html [4] - http://jmp.sh/OqlYpyg [5] - http://jmp.sh/VRejS2g Sent from ProtonMail Mobile On Fri, Nov 17, 2017 at 09:41, Denis Kudriashov dionisiydk@gmail.com wrote:
Hi Henry. I decided to ask this questions here. What the advantage to use your security solution instead of legacy secure sockets which is available in the image? (implemented with ZdcSecureSocketStream) 2017-10-24 18:33 GMT+02:00 henry henry@callistohouse.club: Hi all, I am happy to announce the release of version 3.5 of ParrotTalk, for Squeak and Pharo, found here: http://www.squeaksource.com/Cryptography/ParrotTalk-zzz.2.mcz It follows this specification: https://github.com/ZiroZimbarra/callistohouse/blob/master/docs/ParrotTalkFra... One item of note, in version 3.5, the system connecting to a server, sending the IWant msg, must know the vatId of the system being connected to. I am considering changing this to version 3.6 by removing one round-trip in messaging. Therefore, these messages would be combined: IWant/GiveInfo, IAm/ReplyInfo. I will keep ProtocolOffered and ProtocolAccepted to allow eLindaSession to support both versions: 3.5 and 3.6. Thoughts please?
- HH
Sven Van Caekenberghe - mailto:sven@beta9.be Beta Nine - software engineering - http://www.beta9.be
squeak-dev@lists.squeakfoundation.org