Talk:UDP API DEV: Difference between revisions
m (→Encryption: add sub-heading to clarify the two parts are talking about different things) |
|||
| Line 25: | Line 25: | ||
--[[User:Exp|Exp]] 06:58, 27 January 2006 (CET) | --[[User:Exp|Exp]] 06:58, 27 January 2006 (CET) | ||
=== Crypto Protocol === | |||
The encryption specified in the protocol is poorly defined. AES is just a cipher, not a protocol; there are critical details missing, like the type of chaining being done; if its being used in stream or block mode; how replay prevention and other Mallory attacks are to be prevented; etc. Consider using an existing, well-understood crypto protocol. TLS comes to mind. [[User:Derobert|Derobert]] 02:22, 28 January 2006 (CET) | The encryption specified in the protocol is poorly defined. AES is just a cipher, not a protocol; there are critical details missing, like the type of chaining being done; if its being used in stream or block mode; how replay prevention and other Mallory attacks are to be prevented; etc. Consider using an existing, well-understood crypto protocol. TLS comes to mind. [[User:Derobert|Derobert]] 02:22, 28 January 2006 (CET) | ||
Revision as of 01:22, 28 January 2006
Uh, very cute but... unless you've got exp to hand you the udp sources, he'll be the one who has to implement it, in which case this is just a set of feature requests, and we have a bug tracker for that. (But expect most of them to be put on his indefinite todo list or be refused outright.)
--Pelican 16:00, 27 Oct 2005 (CEST)
I have the source. I’ve taken over the development. --Epoximator 16:10, 27 Oct 2005 (CEST)
- Mind writing a little something that I can post on the main page Epox? Webaom never quite got the publicity it deserved either really, wouldn't hurt to do a bit of a heads up on what can be done. --Rar 21:43, 27 Oct 2005 (CEST)
- I have posted something in the forum now: http://www.anidb.net/forum/viewtopic.php?t=2328&start=45. You can use that if you want. --Epoximator 13:58, 28 Oct 2005 (CEST)
Encodings
Protocol 2 says that the current character encoding is “unknown.” Shouldn't this be defined, preferably to some Unicode, like UTF-8? Considering AniDB maintains data in several languages, isn't having an agreed-upon encoding important? Derobert 01:35, 14 November 2005 (CET)
- I guess it's ok to set this to ASCII now. All non ASCII chars should be html escaped. --Epoximator 11:40, 27 January 2006 (CET)
Encryption
"encryption pass must be set in profile settings on the website"
for this to be really useful for all the paranoid ppl out there, you should really change the website to https. luckily for me, I'm not paranoid about this, but I thought it should be pointed out. --Suppy 06:41, 27 January 2006 (CET)
https is concidered a possible performance issue and is therefore currently not supported by anidb. if I have too much time I might write something up which allows only the signup, login and profile pages to be transmitted via https and everything else via http. does anyone know if there is a good howto somewhere on how to best set this up? (i could always hardcode these limitations, but there should be a better way) And the main reason for this feature is the usage of clients over untrusted connections. Which is possible once you configured your client password via a trusted connection. --Exp 06:58, 27 January 2006 (CET)
Crypto Protocol
The encryption specified in the protocol is poorly defined. AES is just a cipher, not a protocol; there are critical details missing, like the type of chaining being done; if its being used in stream or block mode; how replay prevention and other Mallory attacks are to be prevented; etc. Consider using an existing, well-understood crypto protocol. TLS comes to mind. Derobert 02:22, 28 January 2006 (CET)