<div>Thank you for asking. ParrotTalk implements a derivation of ELib’s[1] VATTP[2] Security protocol [3]. As such, it uses a different security model to ensure encryption, different than SSL. </div>
<div>
<br />
</div>
<div>The handshake is lengthy[4] but the connection is more secure with 2048-bit keys. Also, there is no use of man in the Middle by not using certificates and revocation checking. </div>
<div>
<br />
</div>
<div>Finally, it is well specified[5] using ASN.1 definitions of messages and there is both the Squeak/Pharo implementation and a Java implementation for cross-platform ASN.1 rendezvous, so it has basis.</div>
<div>
<br />
</div>
<div>I think I ought to implement a ZdcSecureParrotStream to integrate to Pharo. I was attempting to keep cross-platform, between both Pharo & Squeak along with Java. Squeak can use these ZdcStreams ?</div>
<div>
<br />
</div>
<div>Thank you</div>
<div>
<br />
</div>
<div>[1] - <a href="http://erights.org/elib/index.html" style="font-size: 1em;">http://erights.org/elib/index.html</a>
</div>
<div>[2] - <a href="http://erights.org/elib/distrib/vattp/index.html" style="font-size: 1em;">http://erights.org/elib/distrib/vattp/index.html</a>
</div>
<div>[3] - <a href="http://erights.org/elib/distrib/vattp/DataComm_startup.html" style="font-size: 1em;">http://erights.org/elib/distrib/vattp/DataComm_startup.html</a>
</div>
<div>[4] - <a href="http://jmp.sh/OqlYpyg" style="font-size: 1em;">http://jmp.sh/OqlYpyg</a>
</div>
<div>[5] - <a href="http://jmp.sh/VRejS2g" style="font-size: 1em;">http://jmp.sh/VRejS2g</a>
</div>
<div>
<br />
</div>
<div>
<br />
</div>
<div id="protonmail_mobile_signature_block">Sent from ProtonMail Mobile</div>
<div>
<br />
<div>
<div>
<br />
</div>On Fri, Nov 17, 2017 at 09:41, Denis Kudriashov <<a href="mailto:dionisiydk@gmail.com" class="">dionisiydk@gmail.com</a>> wrote:</div>
<blockquote class="protonmail_quote" type="cite">
<div dir="ltr">Hi Henry.
<div>I decided to ask this questions here.</div>
<div>
<br />
</div>
<div>What the advantage to use your security solution instead of legacy secure sockets which is available in the image? (implemented with ZdcSecureSocketStream)</div>
</div>
<div class="gmail_extra">
<br />
<div class="gmail_quote">2017-10-24 18:33 GMT+02:00 henry <span dir="ltr"><<a href="mailto:henry@callistohouse.club" target="_blank">henry@callistohouse.club</a>></span>:
<br />
<blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; border-left-width: 1px; border-left-style: solid; border-left-color: rgb(204, 204, 204);">
<div>Hi all,</div>
<div>
<br />
</div>
<div>I am happy to announce the release of version 3.5 of ParrotTalk, for Squeak and Pharo, found here:</div>
<div>
<br />
</div>
<div><a href="http://www.squeaksource.com/Cryptography/ParrotTalk-zzz.2.mcz" target="_blank">http://www.squeaksource.com/<wbr>Cryptography/ParrotTalk-zzz.2.<wbr>mcz</a>
<br />
</div>
<div>
<br />
</div>
<div>It follows this specification:</div>
<div><a href="https://github.com/ZiroZimbarra/callistohouse/blob/master/docs/ParrotTalkFrameDesign-3.5.pdf" target="_blank">https://github.com/<wbr>ZiroZimbarra/callistohouse/<wbr>blob/master/docs/<wbr>ParrotTalkFrameDesign-3.5.pdf</a>
<br />
</div>
<div>
<br />
</div>
<div>One item of note, in version 3.5, the system connecting to a server, sending the IWant msg, must know the vatId of the system being connected to. I am considering changing this to version 3.6 by removing one round-trip in
messaging. Therefore, these messages would be combined: IWant/GiveInfo, IAm/ReplyInfo. I will keep ProtocolOffered and ProtocolAccepted to allow eLindaSession to support both versions: 3.5 and 3.6.</div>
<div>
<br />
</div>
<div>Thoughts please?</div>
<div>
<br />
</div>
<div class="m_2258111289134810303protonmail_signature_block">- HH</div>
<br />
<br />
<br />
</blockquote>
</div>
<br />
</div>
</blockquote>
</div>