[Twisted-Python] Securing a custom protocol
Hi,

I have written a custom line-based protocol using twisted. I need to add authentication and encryption to my protocol and I am wondering what the best route is. Here are some options that I see:

1. Use SSL for encryption and cred for user authentication
2. Use SSH through conch

As I understand it, both of these approaches can do authentication and encryption of any protocol. What are the advantages and disadvantages of each? Which is more robust and supported in twisted? Are there other approaches in twisted that I am missing?

Some design constraints I have:

1. I need the protocol to be as fast as possible - low latency and high throughput.
2. I need to be able to run the protocol without encryption when speed is more important than security.

Thanks!

Brian
On Tue, 2005-12-27 at 09:36 -0800, Brian Granger wrote:
Stick to SSL (or really TLS, improved SSL). It gives you better interoperability (since you can support TLS more easily in other implementations), is easier to set up (just connectSSL or listenSSL), and it's what TLS was designed for. Authentication is a whole 'nother topic; you can use SSL certificates, or pass usernames/passwords in the protocol (look up the SRP authentication protocol for that if you intend to support non-encrypted connections). Cred just gives you twisted-side infrastructure, it doesn't have protocol-level support.
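Itamar's reply points at SRP for password authentication on a connection that may run without TLS. The following is an added example, not code from the thread or from Twisted: a stdlib-only SRP-6a handshake with both peers simulated in one function, using the 1024-bit group from RFC 5054 Appendix A. The message tags (AUTH, CHAL, PROOF, OK, FAIL), the hex line framing, and the username and password are assumptions for illustration; carrying these lines over a LineReceiver is left to the protocol.

```python
"""SRP-6a password authentication over a plaintext line protocol (stdlib only)."""
import hashlib
import secrets

# 1024-bit group from RFC 5054, Appendix A. Transcribed here; check the digits
# against the RFC before relying on it, and prefer the larger groups in practice.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3",
    16,
)
g = 2
N_LEN = (N.bit_length() + 7) // 8  # 128 bytes


def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def i2b(x: int) -> bytes:
    """Fixed-width big-endian encoding (RFC 5054 PAD); the width matters for hashing."""
    return x.to_bytes(N_LEN, "big")


def b2i(b: bytes) -> int:
    return int.from_bytes(b, "big")


k = b2i(H(i2b(N), i2b(g)))  # SRP-6a multiplier, fixed per group


def private_x(salt: bytes, username: str, password: str) -> int:
    return b2i(H(salt, H(f"{username}:{password}".encode())))


def register(username: str, password: str) -> tuple[bytes, int]:
    """Client-side enrolment. The server stores (username, salt, verifier) only."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, private_x(salt, username, password), N)


def run_exchange(username: str, salt: bytes, verifier: int,
                 password: str) -> tuple[bool, bool, list[str]]:
    """Simulate both peers of one SRP-6a handshake.

    Returns (server_accepted_client, client_accepted_server, transcript), where
    transcript holds the lines an eavesdropper on the unencrypted link would see.
    Message tags (AUTH/CHAL/PROOF/OK/FAIL) are an assumed framing, not a standard.
    """
    wire: list[str] = []

    # Client -> server: identity and ephemeral public value A.
    a = 1 + secrets.randbelow(N - 2)
    A = pow(g, a, N)
    wire.append(f"AUTH {username} {i2b(A).hex()}")

    # Server: refuse a degenerate A (it would force S = 0), then send salt and B.
    if A % N == 0:
        raise ValueError("client sent A == 0 mod N")
    b = 1 + secrets.randbelow(N - 2)
    B = (k * verifier + pow(g, b, N)) % N
    if B % N == 0:
        raise ValueError("server produced B == 0 mod N")
    wire.append(f"CHAL {salt.hex()} {i2b(B).hex()}")
    u = b2i(H(i2b(A), i2b(B)))
    if u == 0:
        raise ValueError("u == 0, abort")

    # Each side derives the premaster secret S on its own: the password never
    # leaves the client and the verifier never leaves the server.
    x = private_x(salt, username, password)
    S_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    S_server = pow(A * pow(verifier, u, N) % N, b, N)
    K_client, K_server = H(i2b(S_client)), H(i2b(S_server))

    # Client proves its key first (M1); the server reveals M2 only after accepting.
    hn_xor_hg = bytes(p ^ q for p, q in zip(H(i2b(N)), H(i2b(g))))

    def m1(K: bytes) -> bytes:
        return H(hn_xor_hg, H(username.encode()), salt, i2b(A), i2b(B), K)

    M1 = m1(K_client)
    wire.append(f"PROOF {M1.hex()}")
    server_ok = secrets.compare_digest(M1, m1(K_server))
    if not server_ok:
        wire.append("FAIL")
        return False, False, wire

    M2 = H(i2b(A), M1, K_server)
    wire.append(f"OK {M2.hex()}")
    client_ok = secrets.compare_digest(M2, H(i2b(A), M1, K_client))
    return server_ok, client_ok, wire


if __name__ == "__main__":
    salt, v = register("brian", "correct horse battery staple")
    ok_s, ok_c, lines = run_exchange("brian", salt, v, "correct horse battery staple")
    print(ok_s, ok_c)
    for line in lines:
        print(line[:72])
```

The returned transcript is everything a passive listener gets: salt, A, B, M1 and M2, never the password, and a wrong password is rejected by the server before M2 is sent. Two caveats a practitioner would want: whoever steals the server's verifier table can still run an offline dictionary attack against it, so that store needs the same protection as a password hash file; and the shared K only buys anything if the protocol goes on to use it (for example as a MAC key for subsequent lines), otherwise an attacker can simply hijack the authenticated connection after the handshake in the unencrypted mode.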
participants (2)
- Brian Granger
- Itamar Shtull-Trauring