Follow

I need a secure, reliable, ordered messages protocol.

TLS/TCP only does streams.
DTLS/UDP doesn't do reliability or ordering.
SCTP isn't secure.

Help?

Preferably something with a Python binding available.

· brutaldon · 6 · 4 · 0

@zalandocalrissian Because I don't want to bother with HTTP's complexity when all I want is secure reliable messages?

@alexbuzzbee no need to run a full-blown webserver or anything, the python ecosystem has you covered: github.com/tripzero/python-wss

and after connection establishment, websocket doesn't really add overhead. you'll get through many firewalls as a bonus.

@zalandocalrissian It's still unnecessary initialization overhead. I'm going to keep looking.

@xiao Completely missing the message boundary preservation I was looking for, and is vulnerabile to downgrade attacks. For my purposes, this would be worse than TLS.

@xiao QUIC doesn't really have message boundaries either. I could use streams to implement them, but that would get messy fast.

@alexbuzzbee protobuffs/gRPC? At least for gRPC i know it can use crypto.

@yolo gRPC is an RPC protocol, not a message protocol, and protobuf is a serialization system without framing.

@alexbuzzbee just use TLS stream and add a small header with type/length of message following. And disable naggle and flush so hdr+message are sent immediately.

@alexbuzzbee SCTP over IPsec or building on top of one of the others seem the most likely options...

Sign in to participate in the conversation
Fosstodon

Fosstodon is a Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.