Re: [VANILLA-LIST:2828] Re: SSL

[Dave Ahn <ahn@vec.wfubmc.edu>]

On Tue, Jan 11, 2000 at 08:48:15AM -0500, Alec Habig wrote:
> 
> Anyway, I was wondering how hard it would be to convert netrek to using
> SSL for the verification instead of the straight RSA library.  Being
> able to tell people "go install openssl and run ./configure" would be a
> step forward in usability.  People could then install whatever
> implementation of SSL fits their local laws or budget.

SSL is a beast that has more functionality than we would possibly ever
need.  And using an external package like SSL would make client key
obfuscation harder.  Even though the current RSA scheme requires export
control, at least it is tightly integrated into Netrek in terms of
compilation.

If we really want to improve the client authentication system, I think
that we would be better off designing a system from the ground up to
be used only for the authentication (no encryption) of clients and servers
in a gaming environment that isn't limited to Netrek.  Then, we can
apply to ITAR for an export license.  From what I have read at
www.bxa.doc.gov, all we would need is a one time review to get it.

Dave
-- 
Dave Ahn <ahn@vec.wfubmc.edu>        |  "When you were born, you cried and the
                                     |  world rejoiced.  Try to live your life
Virtual Endoscopy Center             |  so that when you die, you will rejoice
Wake Forest Univ. School of Medicine |  and the world will cry."  -1/2 jj^2