<h3>Entries from June 2020.</h3>
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Secure_Socket_API___a_simple_and_powerful_approach_for_TLS_support_in_software.html">Secure Socket API - a simple and powerful approach for TLS support in software</a>
+ </div>
+ <div class="date">
+ 6th June 2020
+ </div>
+ <div class="body">
+ <p>As a member of the <a href="https://www.nuug.no/">Norwegian Unix
+User Group</a>, I have the pleasure of receiving the
+<a href="https://www.usenix.org/">USENIX</a> magazine
+<a href="https://www.usenix.org/publications/login/">;login:</a>
+several times a year. I rarely have time to read all the articles,
+but try to at least skim through them all as there is a lot of nice
+knowledge passed on there. I even carry the latest issue with me most
+of the time to try to get through all the articles when I have a few
+spare minutes.</p>
+
+<p>The other day I came across a nice article titled
+"<a href="https://www.usenix.org/publications/login/winter2018/oneill">The
+Secure Socket API: TLS as an Operating System Service</a>" with a
+marvellous idea I hope can make it all the way into the POSIX standard.
+The idea is as simple as it is powerful. By introducing a new
+socket() option IPPROTO_TLS to use TLS, and a system wide service to
+handle setting up TLS connections, one both make it trivial to add TLS
+support to any program currently using the POSIX socket API, and gain
+system wide control over certificates, TLS versions and encryption
+systems used. Instead of doing this:</p>
+
+<p><blockquote><pre>
+int socket = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
+</pre></blockquote></p>
+
+<p>the program code would be doing this:<p>
+
+<p><blockquote><pre>
+int socket = socket(PF_INET, SOCK_STREAM, IPPROTO_TLS);
+</pre></blockquote></p>
+
+<p>According to the ;login: article, converting a C program to use TLS
+would normally modify only 5-10 lines in the code, which is amazing
+when compared to using for example the OpenSSL API.</p>
+
+<p>The project has set up the
+<a href="https://securesocketapi.org/">https://securesocketapi.org/</a>
+web site to spread the idea, and the code for a kernel module and the
+associated system daemon is available from two github repositories:
+<a href="https://github.com/markoneill/ssa">ssa</a> and
+<a href="https://github.com/markoneill/ssa-daemon">ssa-daemon</a>.
+Unfortunately there is no explicit license information with the code,
+so its copyright status is unclear. A
+<a href="https://github.com/markoneill/ssa/issues/2">request to solve
+this</a> about it has been unsolved since 2018-08-17.</p>
+
+<p>I love the idea of extending socket() to gain TLS support, and
+understand why it is an advantage to implement this as a kernel module
+and system wide service daemon, but can not help to think that it
+would be a lot easier to get projects to move to this way of setting
+up TLS if it was done with a user space approach where programs
+wanting to use this API approach could just link with a wrapper
+library.</p>
+
+<p>I recommend you check out this simple and powerful approach to more
+secure network connections. :)</p>
+
+<p>As usual, if you use Bitcoin and want to show your support of my
+activities, please send Bitcoin donations to my address
+<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sysadmin">sysadmin</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
<div class="entry">
<div class="title">
<a href="http://people.skolelinux.org/pere/blog/Bompenge_Norge__med_noen_tall_fra_bompengekalkulator.html">Bompenge-Norge, med noen tall fra bompengekalkulator</a>
<li><a href="http://people.skolelinux.org/pere/blog/archive/2020/05/">May (3)</a></li>
-<li><a href="http://people.skolelinux.org/pere/blog/archive/2020/06/">June (1)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2020/06/">June (2)</a></li>
</ul></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/chrpath">chrpath (2)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (170)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (171)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (159)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/drivstoffpriser">drivstoffpriser (4)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (417)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (418)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (23)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/scraperwiki">scraperwiki (2)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (57)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (58)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary (4)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance (60)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/sysadmin">sysadmin (4)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/sysadmin">sysadmin (5)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/usenix">usenix (2)</a></li>
projects / homepage.git / blobdiff