[arvados-dev] SSL in Keep

Ward Vandewege ward at curoverse.com
Thu Apr 3 20:48:49 EDT 2014


On Thu, Apr 03, 2014 at 05:45:57PM -0400, Tim Pierce wrote:
> Ward and I just had a conversation about how to implement SSL for Keep,
> knowing that Go's TLS support has had some problems in the past. I dug into
> the current state of the crypto/tls library for Go, and found this comment
> from Adam Langley, who maintains Google's SSL libraries:
> 
> "...crypto/tls does, of course, try to be useful.... the standard library
> doesn't try to be all things to all people. It quite deliberately aims to
> be simpler at the cost of only supporting the 90% case. If edge cases can
> be handled with local modifications then that does release the trunk from
> the burden of maintaining the code."
> (https://groups.google.com/d/msg/golang-nuts/LjhVww0TQi4/M5TTs81XsocJ)
> 
> 
> Because we expect the clients that talk directly to Keep to be relatively
> constrained -- i.e. we do not expect to have to support connections from
> random users' web browsers on old Windows machines or Mac OS 9 -- I think
> this isn't necessarily a dealbreaker for using Go's native crypto/tls
> support. As long as our own SDK can talk to Keep, we're still okay.  Any
> thoughts?

I think that's exactly right. In practice, I think this should be no problem
at all for our use case.

Thanks,
Ward.

-- 
Ward Vandewege <ward at curoverse.com>
VP Engineering and Operations


