RadoX

TLS

6 posts in this topic

I use same port

TCP=1412

UDP=1412

TLS=1412

1. This does not give me errors as it should if the same port is running for two applications.

2. If TLS uses TCP port it should be named TLS/TCP and you should not be able to use the same as you put in TCP.

3. As of now, can TLS use the same port as TCP but missing the error?

4. Why use TLS?


perhaps someone else can correct my mistakes .. as always ;).

>1. This does not give me errors as it should if the same port is running for two applications.

probably more of a bug in dc++ as opposed to sdc or apex. if it is even a bug

>2. If TLS uses TCP port it should be named TLS/TCP and you should not be able to use the same as you put in TCP.

it should probably explicitly say tcp. the second point is arguable (i agree with you) but it may be that someone wants to use just adcs or just adc and not both, which i think should work (see below). A weak argument i know, i'm clinging at straws :)

>3. As of now, can TLS use the same port as TCP but missing the error?

from what i understand putting the same port in the settings won't cause a problem until you try to connect to an adcs and an adc/nmdc hub at the same time. if you are only going to connect to non-tls hubs having the same port in the settings will not cause a problem

>4. Why use TLS?

well i posed an answer to this elsewhere so to refrain from repeating myself :)

this basically means that connections between you and the hub you are in will be encrypted and that file transfers will be encrypted (assuming both parties support it). however the connection is only secure if you 'Trust' the person/hub you are connected to.

Edit: just wanted to say that this is a very early draft. It could and most likely will change quite a bit.

ref: TSL, What is it for?

the referenced thread above may prove useful. it is also worth reiterating that adc (which tls is a part of) is still a draft protocol; the support for it is not yet perfect, think of it as alpha or even pre-alpha.

hope that helps :)

Edited by balder
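An added illustration of the port question discussed above (not part of the thread and not DC++ code): TCP and UDP have separate port spaces, so one number can serve both, while a TLS listener is just another TCP listener and collides with the first one once it is actually opened. The function name is hypothetical and the port is chosen by the OS rather than the 1412 from the post.

```python
import errno
import socket


def probe_shared_port(host="127.0.0.1"):
    """Bind TCP, UDP and a second TCP listener to one port number.

    Returns (port, udp_ok, second_tcp_errno). second_tcp_errno is None
    if the second TCP bind unexpectedly succeeded.
    """
    tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    second = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        # The "TCP" setting: let the OS pick a free port (assumption:
        # any free port behaves like the 1412 used in the thread).
        tcp.bind((host, 0))
        tcp.listen(1)
        port = tcp.getsockname()[1]

        # The "UDP" setting with the same number: a different protocol,
        # so the kernel tracks it in a separate port space.
        try:
            udp.bind((host, port))
            udp_ok = True
        except OSError:
            udp_ok = False

        # The "TLS" setting with the same number: TLS runs over TCP, so
        # this is a second TCP listener on an address already in use.
        try:
            second.bind((host, port))
            second.listen(1)
            second_errno = None
        except OSError as exc:
            second_errno = exc.errno
    finally:
        for sock in (tcp, udp, second):
            sock.close()
    return port, udp_ok, second_errno


if __name__ == "__main__":
    port, udp_ok, err = probe_shared_port()
    print(f"port {port}: UDP bind ok={udp_ok}, "
          f"second TCP bind errno={errno.errorcode.get(err, err)}")
```

The error only appears when both TCP listeners are opened at the same time, which matches the observation that identical settings alone raise nothing.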


So what I understand is the hub must have TLS for it to work (no hub software has this now if I'm right).

I need to trust someone on the net that I've never seen (not likely).

I need to generate a certificate and let the hub and user have it (wtf and for what)

only use it for adcs and adc (what's that and what for)

Why have this in the client if it is in beta and they haven't figured out how to use it. How do they expect normal ppl to understand all this.

And finally, is it not going to increase the hub work dealing with this, especially when the hub is running with 1000 or more ppl.

bwaaa this is hurting my little brain :)

I would like to know what is the point of this and why do I need to encrypt my transfer

I don't like this at all, so should TLS port be blank.

Sorry my english


> So what I understand is the hub must have TLS for it to work (no hub software has this now if I'm right).

that's correct. however tls [will] also work between client and client. i don't know if client to client will require you to connect to the adcs channel of the hub or if it even needs to be an adc hub

>I need to trust someone on the net that I've never seen (not likely).

you need to trust someone for it to be secure. this is more useful for private hubs or perhaps op's and vip's.

>I need to generate a certificate and let the hub and user have it (wtf and for what)

Well you could do the generation with a cn of your CID. When you connect you will send the hub/user your public key (a certificate contains a public and a private key). the hub/user can then use this to encrypt transmissions from that point on. This would allow un-trusted encrypted connections

Alternatively the hub could issue you with a cert signed by their authority server. When you connect you would send the hub the correct public key, probably decided by looking for an issued-by cn equal to the hub's dns. The hub can validate that they issued the certificate to you as it is signed by them. you can then establish a secure connection with each other in a similar manner. this would allow for trusted encrypted connections assuming that the hub trusted you when they issued the cert.

an encrypted connection would prevent people on your network monitoring what you were chatting about and what you were downloading. if the hub is also secure i.e. they trust everyone they have issued the certificate to and only allow access via tls then you can be confident that no unauthorised people will access the hub. well that's the theory

just like to say that PKI is very complex and i am no expert so don't take that ^^^ as gospel

>only use it for adcs and adc (what's that and what for)

ADC is the 'Draft' protocol poised to take over nmdc, see here

> Why have this in the client if it is in beta and they haven't figured out how to use it.

unsure, perhaps to prepare people for the idea that it is coming.

> How do they expect normal ppl to understand all this.

maybe if they introduce it a long time before it is in widespread use people will have time to slowly pick it up ;)

> And finally, is it not going to increase the hub work dealing with this, especially when the hub is running with 1000 or more ppl.

it will increase work load for the initial login but after that point it is likely that an agreed upon session key will be used to perform symmetric encryption/decryption on the data. this is much less resource exhaustive than asymmetric encryption so shouldn't increase work load too much

>bwaaa this is hurting my little brain :S

mine too :)

> would like to know what is the point of this and why do I need to encrypt my transfer

i think i answered this earlier, mainly to prevent eavesdroppers

>I don't like this at all, so should TLS port be blank.

may as well be

>Sorry my english

sorry for my bad spelling :)

Edited by balder


Thanx balder for the info.

This encryption could be useful but I would like it to encrypt TCP and UDP when it is possible (auto) so users would not have to know how to use it cos it would be implemented.

Get rid of this certificate, I can't see how that is going to be useful. If certificate connection can not be done then it would be without certificate, unless you must use it to get connection to other users.

I'm going to stop thinking about this now, I'm getting a headache. :)


ok this will be my last post on this subject as i am quickly getting out of my depth.

>this encryption could be useful but I would like it to encrypt TCP and UDP when it is possible (auto) so users would not have to know how to use it cos it would be implemented.

I can't see this being done automatically. any automation would essentially undermine the security. It is going to be a user education thing like getting users into active. but remember you won't have to use it :)

> Get rid of this certificate, I can't see how that is going to be useful. If certificate connection can not be done then it would be without certificate, unless you must use it to get connection to other users.

i am unsure what you are saying here but i think you. if you are unable to use certificates most hubs will probably allow you to connect without them. However if you wish to have a private hub this is currently the most secure way to keep unwanted users out. it will also be very good to get op's and above to use certificates. these users are generally advanced anyway and if they use it, it would make it harder to hack op/net/owner accounts.

and off topic i am pretty sure this is my 200th post Whay me ;)

edit: it is

Edited by balder
