Maybe It's Snake Oil All the Way Down

[Peter Gutmann]

Bodo Moeller <moeller at cdc.informatik.tu-darmstadt.de> writes:

>Using an explicit state machine helps to get code suitable for multiplexing
>within a single thread various connections using non-blocking I/O.

Is there some specific advantage here, or is it an academic exercise?  Some
quirk of supporting certain types of hardware like nCipher boxes that do async
crypto/scatter-gather?  I have a vague idea from discussions with some
OpenSSL-engine developers that they had some requirement for supporting async
hardware in non-threaded environments, but from hearing the complaints about
how hard this ended up being I had the impression that this was a major
rewrite rather than something the state-machine implementation had been
specifically designed for (sorry, I don't have that much technical info, the
discussions tended to devolve into griping sessions about how hard async
crypto hardware was to work with, not helped by comments like "That's because
you're taking the path of most resistance, just use threads" :-).

I also don't know if that explains why, years before this was an issue,
everyone was already treating SSL as a state machine problem.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com