[MUD-Dev] SSL vs. SASL (was: UDP Revisited)

Bruce Mitchener bruce at puremagic.com
Tue Oct 16 12:06:27 New Zealand Daylight Time 2001

amanda at alfar.com wrote:

> For example, let's say you want to use SSL for connection setup
> and "lobby" stuff, so that you don't have to reinvent that wheel
> (and once you have an established SSL connection, can exchange a
> key for encrypting game data).  This way you can offload the SSL
> processing to a hardware SSL accelerator without investing a lot
> of time and energy into that aspect of the problem.  For this,
> TCP's the way to go--reinventing SSL over UDP would not bring you
> any benefit.

Have you looked at SASL?

From http://asg.web.cmu.edu/sasl/:

     SASL is the Simple Authentication and Security Layer, a method
     for adding authentication support to connection-based
     protocols. To use SASL, a protocol includes a command for
     identifying and authenticating a user to a server and for
     optionally negotiating protection of subsequent protocol
     interactions. If its use is negotiated, a security layer is
     inserted between the protocol and the connection.

I'm not sure if it would map well onto a UDP-based protocol (it
would depend on the semantics of that protocol), but it might be
something better suited than trying to reinvent SSL-over-UDP.

SASL is an IETF standard and is being used in some other protocols
to provide authentication facilities (like the BEEP protocol).

  - Bruce
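
Added example, not part of the original message: the "command for identifying and authenticating a user to a server" from the SASL description above, sketched as both sides of a CRAM-MD5 (RFC 2195) exchange. The AUTH verb, the "+ "/OK/NO reply lines, the lobby.example host and the USERS table are assumptions made for illustration; negotiation of a security layer is not shown.

```python
import base64, hashlib, hmac, secrets, time

USERS = {"amanda": "correct horse"}  # constructed credential store (assumption)
MECHS = ("CRAM-MD5",)                # mechanisms this toy server offers

class Server:
    """Hypothetical line-based lobby protocol with a SASL-style AUTH command."""
    def __init__(self, host="lobby.example"):
        self.host, self.challenge, self.user = host, None, None

    def handle(self, line):
        if self.user is not None:
            return "NO already authenticated"
        if self.challenge is None:
            verb, _, mech = line.partition(" ")
            if verb != "AUTH":
                return "NO authenticate first"
            if mech not in MECHS:
                return "NO unsupported mechanism"
            # Fresh challenge per attempt: a captured response cannot be replayed.
            self.challenge = f"<{secrets.token_hex(8)}.{int(time.time())}@{self.host}>"
            return "+ " + base64.b64encode(self.challenge.encode()).decode()
        challenge, self.challenge = self.challenge, None  # single use
        try:
            text = base64.b64decode(line, validate=True).decode()
        except ValueError:  # covers bad base64 and bad UTF-8
            return "NO malformed response"
        name, _, digest = text.rpartition(" ")  # digest is the last token
        # Unknown users are checked against a random secret so both failure
        # paths do the same work and return the same reply.
        secret = USERS.get(name, secrets.token_hex(16))
        want = hmac.new(secret.encode(), challenge.encode(), hashlib.md5).hexdigest()
        if name in USERS and hmac.compare_digest(want.encode(), digest.encode()):
            self.user = name
            return "OK authenticated"
        return "NO authentication failed"

def client_response(user, password, server_line):
    """Client side: answer the server's '+ <base64 challenge>' line."""
    challenge = base64.b64decode(server_line[2:])
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()

def login(server, user, password):
    reply = server.handle("AUTH CRAM-MD5")
    return server.handle(client_response(user, password, reply))

if __name__ == "__main__":
    print(login(Server(), "amanda", "correct horse"))
```

The password never crosses the wire, but the server has to hold it in recoverable form and the session after login is unprotected unless a security layer or TLS is added.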

MUD-Dev mailing list
MUD-Dev at kanga.nu