Discussion:
[asio-users] Implementing DTLS in ASIO
Stefan Damm
2016-11-08 10:05:01 UTC
Hi,

I started implementing DTLS for ASIO. If there is interest,
I'd like to integrate it into ASIO.
At the moment I made a pull request (which is not in a state
to be merged, as there are still things missing, without tests, ...).
The aim of the pull request was mainly to prevent duplicate work.

Stefan Damm





------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
asio-users mailing list
asio-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/asio-users
_______________________________________________
Using Asio? List your project at
http://think-async.com/Asio/WhoIsUsingAsio
Vinnie Falco
2016-11-08 14:28:50 UTC
Post by Stefan Damm
I started implementing DTLS for ASIO. If there is interest,
I'd like to integrate it into ASIO.
At the moment I made a pull request (which is not in a state
to be merged, as there are still things missing, without tests, ...).
The aim of the pull request was mainly to prevent duplicate work.
I've looked over your pull request. For those that haven't seen it,
the work is here:
https://github.com/chriskohlhoff/asio/pull/129

I am not familiar with DTLS. Would you say that it is basically TLS
for UDP? Is this an accurate description:
https://en.wikipedia.org/wiki/Datagram_Transport_Layer_Security

While I did not go too deeply into your work, it looks like you have a
solid grasp of the internal workings of Asio. I don't speak for the
authors or maintainers of Asio. However, it has been my observation
that progress on merging outside contributions has been slow. My
theory is that the folks involved are very busy with working on the
Networking TS and as such there are not enough resources to take care
of issues and pull requests. This is just a guess and only my opinion
- I do not speak for others.

Without knowing more about DTLS, I think there could be significant
value in the work that you have done. Is there a way for you to
implement your code as a stand-alone extension to Asio? In other
words, without requiring a modification to the Asio source code? If
so, then people could easily begin to use your code and evaluate it.

It would also be helpful if you could provide at least a brief high
level description of the work that you have done and its associated
modifications. It looks like you refactored ssl::stream. Can you
provide a few paragraphs explaining the feature and how it integrates
into Asio?

Thanks

Stefan Damm
2016-11-08 15:45:10 UTC
DTLS extends TLS to work on unreliable transports. UDP is an example
of an unreliable transport. Ideally the implementation should work
for other transports as well.

It might be possible to implement this without changing ASIO, but
I haven't looked into this, as it would require much code to be duplicated.
There might also be problems with duplicate OpenSSL initialization and
similar things, so I am not sure this can be done in a safe way.
(I might try if I find the time.)

On the implementation:
Changes done:
- Add DTLS options to the context
- Add io_helper to io, which allows using async_receive instead of
  async_read_some if the transport does not provide it
- Move common functions of SSL::Stream and SSL::DTLS
  to a common base class SSL::ssl_base, so the function of
  SSL::Stream should not change and the code is not duplicated


What I am still working on:
- DTLS cookies (cookies are part of DTLS to avoid using DTLS
  servers as amplifiers for DoS attacks)
- Tests
- Documentation


What I am not sure about:
- naming of SSL::DTLS
- io_helper allows usage of TLS over UDP
  (does not work but will compile)
- breaks binary compatibility with older versions
--
sodge IT GmbH
Hauptwasen 8
72336 Balingen

Mail: ***@sodgeit.de
Mobile: +49-176-93705706

URL: http://www.sodgeit.de
Phone: +49-7433-95 59 28 4
Fax: +49-7433-95 59 28 5
---
Registered office: Balingen
Commercial register: Amtsgericht Stuttgart HRB 740109
Managing directors: Matthias Ehinger / David Feurle / Götz Martinek
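
The DTLS cookie exchange mentioned in the message above, as an added example that is not part of the thread or of the pull request: a stateless cookie in the style of RFC 6347 (an HMAC over the client's address and ClientHello parameters), with the server allocating nothing until the cookie comes back from the claimed source address. The function names, the addresses and the use of only the ClientHello random as "client parameters" are assumptions made for illustration.

```python
import hashlib
import hmac
import os

COOKIE_SECRET = os.urandom(32)  # server-wide secret; rotate it periodically


def make_cookie(secret, client_addr, client_random):
    """Cookie = HMAC(secret, client IP | port | ClientHello random)."""
    ip, port = client_addr
    msg = ip.encode() + b"|" + port.to_bytes(2, "big") + b"|" + client_random
    return hmac.new(secret, msg, hashlib.sha256).digest()


def handle_client_hello(secret, src_addr, client_random, cookie=b""):
    """Return the server's next step for one ClientHello datagram.

    No per-client state is kept until the cookie proves that the sender
    can receive datagrams at src_addr.
    """
    expected = make_cookie(secret, src_addr, client_random)
    if cookie and hmac.compare_digest(cookie, expected):
        return ("continue_handshake", b"")      # only now allocate a session
    return ("hello_verify_request", expected)   # small reply, nothing stored


# Constructed sample exchange (addresses from the documentation ranges).
CLIENT = ("192.0.2.10", 40000)
VICTIM = ("198.51.100.7", 53000)
RANDOM = bytes(range(32))  # constructed ClientHello random


def demo():
    # 1. First ClientHello has no cookie: the server answers with a cookie only.
    step1, cookie = handle_client_hello(COOKIE_SECRET, CLIENT, RANDOM)
    # 2. The client repeats the ClientHello with the cookie: handshake proceeds.
    step2, _ = handle_client_hello(COOKIE_SECRET, CLIENT, RANDOM, cookie)
    # 3. The same cookie arriving with a different source address is rejected,
    #    so the larger handshake flight is never sent to an unverified address.
    step3, _ = handle_client_hello(COOKIE_SECRET, VICTIM, RANDOM, cookie)
    return step1, step2, step3


if __name__ == "__main__":
    print(demo())
```

The reply to an unverified ClientHello is a single short message, which is what removes the amplification factor; the certificate-bearing flight goes out only after step 2.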