Re: [jetty-dev] NextProtoNego and OSGi
Hi,

On 29.01.2013 16:12, Simone Bordet wrote:
> Sorry, not following, can you expand ?
> Did you rewrite the SSL implementation on your own ?
> Otherwise I don't see how you can plug in NPN.

Yes. One of our research teams is working on technologies related to the
new German passport. It is heavily based on secure transports and
certificates for establishing trust. It also requires additional TLS
features (beyond NPN) which the JRE implementation doesn't provide.

> How do you implement non-blocking writes if you use sockets and streams ?

The TLS library implements a channel by default. The JRE provides
utility methods for creating blocking streams, e.g.,
Channels.newOutputStream(...).

> So you have rewritten the SSL parsing/generation and all that ?
> If so, what guarantee do you have that it is secure and does not
> contain security exploits ?

The research team works closely with the BSI
(https://www.bsi.bund.de/EN/Home/home_node.html) which puts some
interesting requirements on the implementation. As a pure Java
implementation it is not affected by typical exploits that may hit
OpenSSL & co.
We did not run the implementation through any commercial 3rd party
auditing yet.
-Gunnar
--
Gunnar Wagenknecht
gunnar@xxxxxxxxxxxxxxx
http://wagenknecht.org/