Future of KSSL

George Staikos staikos at kde.org
Fri Nov 17 18:40:20 GMT 2006

On 17-Nov-06, at 1:31 PM, Jernej Kos wrote:

> On Friday 17 November 2006 15:41, George Staikos wrote:
>>     Broken?  It never really supported it...  I'm curious as to why
>> you decided to write an incomplete SSL layer for your own app instead
>> of adding the support you need to KIO and submitting a patch
>> upstream.  Apparently you have thrown away a large variety of
>> features and functionality in order to gain only one small one that
>> you wanted.  This is very unfortunate because it means that user
>> preferences are ignored or treated differently across applications.
>> For that matter, if it's for FTP, we've wanted to have SSL support in
>> our FTP slave for quite some time now.
> Well since I needed the feature fast, I thought it was simpler (and  
> faster)to
> create a thin layer properly handling async SSL operations.  
> Regarding all
> those features - IMO it's all about what the endusers need. And  
> they need
> working SSL transfers much more than anything else at this moment.  
> As I said
> in my previous e-mail, the architecture can easily be changed as  
> soon as
> there exists an implementation that can properly handle async  
> connections (I
> have purpusfully kept class method names the same as in KSSL so the
> implementation can be simply interexchanged without major problems).
> I can also write a patch to the existing KSSL implementation, but a  
> while back
> when I mentioned these problems to Thiago, he said that the existing
> implementation needs a rewrite in any case.

     This is not the right place to debate how to implement SSL, but  
you must know that SSL is as much about the policy decisions as it is  
about the cipher.  Simply dropping a scramble over the wire without  
having proper certificate validation is good for fooling only most  
primitive of those who might want to observe traffic.  It gains  
almost nothing in terms of security.

George Staikos
KDE Developer				http://www.kde.org/
Staikos Computing Services Inc.		http://www.staikos.net/

More information about the kde-core-devel mailing list