[elvin-discuss] Elvin URI spec questions

Matthew Phillips matt at mattp.name
Fri Feb 23 20:59:50 CST 2007


On 21/02/2007, at 7:34 PM, David Arnold wrote:

> -->"Matt" == Matthew Phillips <matt at mattp.name> writes:
>
> hi Matt,
>
> sorry about the delay in responding ... :-(

No worries, I gather you've been pretty busy and/or not in the  
country ;)

> you've just stumbled over the first of several problems with the Elvin
> URL scheme as it is implemented today.
>
> it's reasonable to implement SSL as a transparent encryption layer  
> over
> any underlying transport.  but ... in Mantara's implementation, the
> 'ssl' protocol is a transport that uses SSL over TCP.

Ah, it becomes clear.

> there are no existing security modules.

<snip>

>   Matt> The spec doesn't actually nail down the
>   Matt> (transport,security,marshalling) structure, so I'm just
>   Matt> guessing, but this seems to be what all the client accept.
>
> going forward, we tend to talk about the n-layer stack.
> the URL spec should support stacks of 1..N of these modules, so  
> long as
> the interfaces between them match up.
>
> it'd be totally reasonable to define an 'ssl2' or 'ssl-enc' or  
> something
> which means SSL over any underlying transport, but until now, it  
> hasn't
> been a priority.
>
> hope this helps ...

It all sounds reasonable. And since I'm not doing SSL at all in 1.0,  
it's not going to be an issue any time soon from my POV. Just wanted  
to make sure I was reading the spec right.

Would it make sense for Mantara Elvin to accept ssl,none,xdr and  
ssl,tcp,xdr as equivalents in the meantime? Or has the "ssl"  
directive become tainted permanently with its hardcoding to TCP?

Matt.



More information about the elvin-discuss mailing list