]> pere.pagekite.me Git - homepage.git/blobdiff - blog/archive/2020/06/06.rss
projects / homepage.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix typos.
[homepage.git] / blog / archive / 2020 / 06 / 06.rss
diff --git a/blog/archive/2020/06/06.rss b/blog/archive/2020/06/06.rss
index 2ad2f79d69d727eb1cf7fe5836dd4dd12fae64c5..cd3c5b13c395eabef8685c493ab4ab2c90ec52f7 100644 (file)
--- a/blog/archive/2020/06/06.rss
+++ b/blog/archive/2020/06/06.rss
@@ -3,13 +3,81 @@
        <channel>
                <title>Petter Reinholdtsen - Entries from June 2020</title>
                <description>Entries from June 2020</description>
-                <link>http://people.skolelinux.org/pere/blog/</link>
+                <link>https://people.skolelinux.org/pere/blog/</link>
 
        
+       <item>
+               <title>Secure Socket API - a simple and powerful approach for TLS support in software</title>
+               <link>https://people.skolelinux.org/pere/blog/Secure_Socket_API___a_simple_and_powerful_approach_for_TLS_support_in_software.html</link>        
+               <guid isPermaLink="true">https://people.skolelinux.org/pere/blog/Secure_Socket_API___a_simple_and_powerful_approach_for_TLS_support_in_software.html</guid>
+                <pubDate>Sat, 6 Jun 2020 12:40:00 +0200</pubDate>
+               <description>&lt;p&gt;As a member of the &lt;a href=&quot;https://www.nuug.no/&quot;&gt;Norwegian Unix
+User Group&lt;/a&gt;, I have the pleasure of receiving the
+&lt;a href=&quot;https://www.usenix.org/&quot;&gt;USENIX&lt;/a&gt; magazine
+&lt;a href=&quot;https://www.usenix.org/publications/login/&quot;&gt;;login:&lt;/a&gt;
+several times a year.  I rarely have time to read all the articles,
+but try to at least skim through them all as there is a lot of nice
+knowledge passed on there.  I even carry the latest issue with me most
+of the time to try to get through all the articles when I have a few
+spare minutes.&lt;/p&gt;
+
+&lt;p&gt;The other day I came across a nice article titled
+&quot;&lt;a href=&quot;https://www.usenix.org/publications/login/winter2018/oneill&quot;&gt;The
+Secure Socket API: TLS as an Operating System Service&lt;/a&gt;&quot; with a
+marvellous idea I hope can make it all the way into the POSIX standard.
+The idea is as simple as it is powerful.  By introducing a new
+socket() option IPPROTO_TLS to use TLS, and a system wide service to
+handle setting up TLS connections, one both make it trivial to add TLS
+support to any program currently using the POSIX socket API, and gain
+system wide control over certificates, TLS versions and encryption
+systems used.  Instead of doing this:&lt;/p&gt;
+
+&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
+int socket = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
+&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;
+
+&lt;p&gt;the program code would be doing this:&lt;p&gt;
+
+&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
+int socket = socket(PF_INET, SOCK_STREAM, IPPROTO_TLS);
+&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;
+
+&lt;p&gt;According to the ;login: article, converting a C program to use TLS
+would normally modify only 5-10 lines in the code, which is amazing
+when compared to using for example the OpenSSL API.&lt;/p&gt;
+
+&lt;p&gt;The project has set up the
+&lt;a href=&quot;https://securesocketapi.org/&quot;&gt;https://securesocketapi.org/&lt;/a&gt;
+web site to spread the idea, and the code for a kernel module and the
+associated system daemon is available from two github repositories:
+&lt;a href=&quot;https://github.com/markoneill/ssa&quot;&gt;ssa&lt;/a&gt; and
+&lt;a href=&quot;https://github.com/markoneill/ssa-daemon&quot;&gt;ssa-daemon&lt;/a&gt;.
+Unfortunately there is no explicit license information with the code,
+so its copyright status is unclear.  A
+&lt;a href=&quot;https://github.com/markoneill/ssa/issues/2&quot;&gt;request to solve
+this&lt;/a&gt; about it has been unsolved since 2018-08-17.&lt;/p&gt;
+
+&lt;p&gt;I love the idea of extending socket() to gain TLS support, and
+understand why it is an advantage to implement this as a kernel module
+and system wide service daemon, but can not help to think that it
+would be a lot easier to get projects to move to this way of setting
+up TLS if it was done with a user space approach where programs
+wanting to use this API approach could just link with a wrapper
+library.&lt;/p&gt;
+
+&lt;p&gt;I recommend you check out this simple and powerful approach to more
+secure network connections. :)&lt;/p&gt;
+
+&lt;p&gt;As usual, if you use Bitcoin and want to show your support of my
+activities, please send Bitcoin donations to my address
+&lt;b&gt;&lt;a href=&quot;bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&quot;&gt;15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&lt;/a&gt;&lt;/b&gt;.&lt;/p&gt;
+</description>
+       </item>
+       
        <item>
                <title>Bompenge-Norge, med noen tall fra bompengekalkulator</title>
-               <link>http://people.skolelinux.org/pere/blog/Bompenge_Norge__med_noen_tall_fra_bompengekalkulator.html</link>        
-               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Bompenge_Norge__med_noen_tall_fra_bompengekalkulator.html</guid>
+               <link>https://people.skolelinux.org/pere/blog/Bompenge_Norge__med_noen_tall_fra_bompengekalkulator.html</link>        
+               <guid isPermaLink="true">https://people.skolelinux.org/pere/blog/Bompenge_Norge__med_noen_tall_fra_bompengekalkulator.html</guid>
                 <pubDate>Mon, 1 Jun 2020 14:50:00 +0200</pubDate>
                <description>&lt;p&gt;Det er tett med sensorstasjoner langs veinettet i Norge, som
 registrerer hvilke kjøretøy som passerer eller tar bilde av de som
Nettsider og blogg.