Branches

Guus Sliepen guus at tinc-vpn.org
Sat Jan 28 15:17:04 CET 2006


On Fri, Jan 27, 2006 at 03:21:06PM -0800, Scott Lamb wrote:

> I've got more changes on my to-do list, but I want to ensure I'm  
> making my changes against the right branch.
> 
> * I'm working with trunk now. I don't think its TCP tunneling is as  
> secure as the UDP tunneling. It looks like its IVs and HMACs are  
> added and verified in send_udppacket and receive_udppacket. The TCP  
> connection encrypts but doesn't have these anti-modification  
> features. (Right?)

Correct, although modification of the TCP stream will create garbled
plaintext upon decryption, and then tinc will close the connection.

> * The 1.0-gnutls branch lets gnutls take care of encryption for the  
> TCP connection. I'm confident this is secure.

It is as secure as TLS is :)

> * The 2.0 branch appears to be all reorganized but not functional  
> yet. A couple recent changes.

Correct.

> * POKEY and pre4-cube are stagnant.

Correct.

> My guess is that the 1.0-gnutls branch is going to be merged into  
> trunk sometime soon? Will 2.0 be using gnutls?

The 1.0-gnutls branch will not be merged with the trunk; it is not
compatible with the protocol used in tinc 1.x. It is more of a
"proof-of-concept". 2.0 will definitely be using GNUTLS.

If you want I can create a branch for you where you have commit rights.
I can merge your changes back to the trunk once I have reviewed them.

-- 
Met vriendelijke groet / with kind regards,
    Guus Sliepen <guus at sliepen.eu.org>
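
The difference discussed in this message, between a channel that only encrypts and one that also carries an IV and HMAC, sketched as an added example (not tinc's code and not part of the original e-mail). The keystream function is a stand-in rather than the cipher tinc uses, and all function names and the packet layout are assumptions.

```python
import hashlib, hmac, os

def keystream(key, iv, n):
    """Stand-in stream cipher (SHA-256 in counter mode); NOT tinc's cipher."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + iv + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]

def xor_crypt(key, iv, data):
    return bytes(a ^ b for a, b in zip(data, keystream(key, iv, len(data))))

def seal(enc_key, mac_key, plaintext):
    """Encrypt-then-MAC: IV || ciphertext || HMAC-SHA256(IV || ciphertext)."""
    iv = os.urandom(16)
    body = iv + xor_crypt(enc_key, iv, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, packet):
    """Verify the tag before decrypting; raise on any modification."""
    if len(packet) < 48:
        raise ValueError("packet too short")
    body, tag = packet[:-32], packet[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("HMAC mismatch: packet modified in transit")
    return xor_crypt(enc_key, body[:16], body[16:])

def open_unauthenticated(enc_key, packet):
    """Encrypt-only receiver: decrypts whatever arrives, no integrity check."""
    return xor_crypt(enc_key, packet[:16], packet[16:])

def flip_byte(packet, index):
    """Simulate a single modified byte in transit (constructed input)."""
    return packet[:index] + bytes([packet[index] ^ 0x01]) + packet[index + 1:]

def demo():
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    msg = b"constructed control message"
    damaged = flip_byte(seal(enc_key, mac_key, msg), 20)
    # The encrypt-only receiver sees IV || ciphertext with no tag to check.
    garbled = open_unauthenticated(enc_key, damaged[:-32])
    try:
        open_sealed(enc_key, mac_key, damaged)
    except ValueError:
        return msg, garbled, True   # authenticated path rejected the packet
    return msg, garbled, False

if __name__ == "__main__":
    print(demo())
```

Without the tag, the receiver only learns of the change if the altered plaintext later fails to parse; with it, the packet is rejected before any decrypted data is used.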