[Gm-devel] GM/NNIM Development conversation
From: Jesse Lovelace
Subject: [Gm-devel] GM/NNIM Development conversation
Date: Tue, 25 Jun 2002 15:05:00 -0400
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020408

Transcript between GM developers, 6/25/02:
...
(12:34:34) AbelssonH: Anyway, there was no way Crypto++ would fit on it
(only 16mb storage total), i wrote my own crypto code (rsa + idea to be
specific)
(12:35:00) mentat 409: cool, though crypto++ can be compiled with only
like 5 sources
(12:36:38) AbelssonH: Turning off Exceptions + RTTI makes the binary *a
lot* smaller, and i didn't think crypto++ would like to run w/o exceptions.
(12:37:03) mentat 409: you're probably right, exceptions are important to it
(12:37:57) AbelssonH: But i've already decided that implementing my own
crypto code is probably a dead end. It's too easy to make subtle mistakes
(12:38:36) AbelssonH: Thus, I started looking at openssl
(12:39:27) AbelssonH: But the documentation sucks, and it doesn't
interact well with a singlethreading select():ing server.
(12:40:14) AbelssonH: So maybe Crypto++ is the right way after all
(12:40:18) AbelssonH: :)
(12:40:25) mentat 409: :>
(12:40:57) mentat 409: well, i'm coding mostly in linux now
(12:41:02) AbelssonH: Do you have a more direct url for ssh2lib?
(12:41:09) mentat 409: yeah one sec
(12:41:41) mentat 409: http://www.bitvise.com/sshlib.html
(12:43:36) AbelssonH: Do you have any idea when it'll be GPLed?
(12:43:43) mentat 409: should be this week
(12:45:58) AbelssonH: so soon? Great
(12:46:21) mentat 409: yeah, i've adapted toc so it should be easy to
tunnel through aol
(12:47:21) AbelssonH: Have you done any modifications in the server?
(12:47:25) mentat 409: no
(12:48:35) AbelssonH: Hmm.. Can we use sshlib to implement enduser
messaging encryption?
(12:48:48) mentat 409: what do you mean?
(12:49:53) AbelssonH: Well.. encrypting a message that a user sends so
that only the recipient can decrypt it
(12:50:32) mentat 409: well, that's what ssh2 does, creates a transport
layer via keyx
(12:52:34) AbelssonH: keyx is?
(12:52:50) mentat 409: rsa or dsa via Diffe Hillman (sp)
(12:55:42) AbelssonH: Hmm.. there are two different kinds of
encryption (between client and server, and between client and client).
I'm still not sure which one you're talking about.
(12:57:03) AbelssonH: Ideally we should have both, but the requirements
are a bit different
(12:57:46) mentat 409: well, i'm planning to tunnel ssh2 through any
protocol layer
(12:57:57) mentat 409: like sending it over AIM, peer to peer or what
have you
(12:58:29) AbelssonH: right. Good. That's exactly what we want. :)
(12:58:41) mentat 409: :)
(12:58:46) mentat 409: the nice thing is,
(12:58:59) mentat 409: it's already created using the crypto++
filter/pipeline methods
(12:59:28) AbelssonH: But we'll probably want to encrypt the protocol
layer too (at least with the protocols we can control: the peer- and kit-
protocols)
(12:59:32) mentat 409: so we can pump any ssh2 communication into
anything we want, like a base64 encoder to send over aim
(12:59:51) mentat 409: for peer we can use straight ssh2
(13:00:03) AbelssonH: kit too probably.
(13:00:12) AbelssonH: but that's great.
(13:00:12) mentat 409: yes, most probably
(13:00:54) AbelssonH: We should have a class that handles all the
message encryption/decryption in the lib/ code.
(13:01:06) mentat 409: i'm trying to write and rewrite my code in a very
C++ way, using more classing, exceptions, smart pointers and stl
(13:01:16) mentat 409: yes
(13:01:18) mentat 409: we will
(13:01:34) mentat 409: after i fix up some userland things that is my
next project
(13:01:40) AbelssonH: Here's what i'm thinking: The clients should just
pass all messages to that class, it'll decrypt and encrypt if needed.
(13:01:53) mentat 409: yeah
(13:02:12) mentat 409: most def, a session manager type thing
(13:02:28) AbelssonH: Yep. Do you wanna write it, or should I? :)
(13:02:37) mentat 409: that will also see if a remote client is GM over
AIM and if it is i'll start tunneling
(13:03:17) AbelssonH: If we can do that, it'd be great.
(13:03:25) AbelssonH: Also, we need client authentication
(13:03:40) AbelssonH: So you can verify who you're talking to.
(13:03:51) mentat 409: yes, ssh2 supports certs too
(13:03:55) mentat 409: even pgp certs
(13:04:11) AbelssonH: I'm in heaven. That's absolutely perfect :)
(13:04:12) mentat 409: maybe it would be good to include GPG certs
(13:04:20) AbelssonH: definitely.
(13:04:39) AbelssonH: GPG keys would be exactly right.
(13:05:11) mentat 409: listen, i've got to run to lunch, but let's save
the technical portion of this conversation and post it to the GM-devel
and NNIM devel lists, ok with you?
(13:05:30) AbelssonH: good idea.
(13:05:44) mentat 409: ok, i'll be back in about an hour if you're still
around
(13:05:51) AbelssonH: I'll see
(13:06:01) mentat 409: ok, ttyl, good to hear from you
(13:06:02) AbelssonH: Maybe a bit later.
(13:06:06) AbelssonH: yeah, you too.
(13:06:13) AbelssonH: ttyl
(13:44:30) AbelssonH logged out.