[arvados-dev] SSL in Keep
Tim Pierce
twp at curoverse.com
Thu Apr 3 17:45:57 EDT 2014
Ward and I just had a conversation about how to implement SSL for Keep,
knowing that Go's TLS support has had some problems in the past. I dug into
the current state of the crypto/tls library for Go, and found this comment
from Adam Langley, who maintains Google's SSL libraries:
...crypto/tls does, of course, try to be useful.... the standard library
doesn't try to be all things to all people. It quite deliberately aims to
be simpler at the cost of only supporting the 90% case. If edge cases can
be handled with local modifications then that does release the trunk from
the burden of maintaining the code." (
https://groups.google.com/d/msg/golang-nuts/LjhVww0TQi4/M5TTs81XsocJ)
Because we expect the clients that talk directly to Keep to be relatively
constrained -- i.e. we do not expect to have to support connections from
random users' web browsers on old Windows machines or Mac OS 9 -- I think
this isn't necessarily a dealbreaker for using Go's native crypto/tls
support. As long as our own SDK can talk to Keep, we're still okay. Any
thoughts?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.arvados.org/pipermail/arvados-dev/attachments/20140403/c391aeaf/attachment.html>
More information about the Arvados-dev
mailing list