Updating TLS; bounty

gchiu · January 18, 2018, 6:33pm

I've got a rough estimate for updating TLS from Cyphre depending on what we need of $1500-2000.

I'll ask him to post to this thread what he wants to know.

Basically I think we need TLS 1.2 with ECDHE. Full server implementation also nice to have.

Eg. TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)

Please comment.

BlackATTR · January 19, 2018, 2:00am

My original goal was to restore Ren-C networking functionality to the way it worked prior to TLS 1.2. I'll need others with deeper familarity with protocols to decide if there are worthy side-goals that can be met for this bounty.
Per Brian Otto's previous comments, it would be great to also pick-up SFTP / SCP if those are along the same route.

gchiu · January 19, 2018, 2:21am

I don't think we want to regress the networking functionality!

Basically websites have moved to TLS 1.1 or 1.2 and Rebol networking is only sitting at 1.0 with mostly obsolete cipher suites.

We can do FTPS easily enough which is FTP over SSL but SFTP is FTP over SSH which is a different protocol altogether and would require someone to write the SSH in Rebol.

BlackATTR · January 19, 2018, 2:24am

To clarify, I meant that I wanted to restore the level of networking functionality which was lost when much of the Internet adopted TLS 1.2.

gchiu · January 19, 2018, 2:26am

So, I think this just basically means getting the elliptic curve encryption suites with SHA384 if we want to be up to date.

gchiu · January 19, 2018, 10:17am

Anyway, we do need an indication of how much, if anything, people are willing to contribute to this bounty before I approach Cyphre again. I presume his estimate was in USD and not Koruna!

swhite · January 19, 2018, 2:27pm

How would one actually go about sending money?

BlackATTR · January 19, 2018, 4:44pm

Count me in up to 50% assuming a $2k cap. I can adjust depending if there are other contributors, or if there are additional features we can get into the deliverables.

gchiu · January 19, 2018, 6:05pm

I'm the treasurer for the Rebol Foundation so you can send the donation to me as PayPal, crypto, or whatever.

gchiu · January 19, 2018, 6:06pm

Thanks. Really appreciated.

swhite · January 20, 2018, 1:48am

I could donate $50 when I refresh my memory on how to use paypal.

gchiu · January 20, 2018, 3:31am

All good. Thanks.

Running total is now USD1050.

BrianOtto · January 20, 2018, 4:24am

Count me in for $100

gchiu · January 20, 2018, 6:50am

Thanks .. running total now USD1150.

BlackATTR · February 2, 2018, 2:45pm

So we've got $1150 to work with so far. What does Cyphre want to get started? (I assume he's not expecting the $ up-front.)

gchiu · February 2, 2018, 6:56pm

He hasn't replied to me yet about that.

BlackATTR · February 2, 2018, 8:04pm

Ok, thanks. I just wanted to follow-up on this so it stays on the radar.

gchiu · February 2, 2018, 8:05pm

Basically he hasn't replied since he set the fee he was looking at. Maybe there's someone else amongst the old guard who are willing to do this.

BlackATTR · February 16, 2018, 7:16pm

Still no reply, eh? That's a disappointment.

gchiu · May 16, 2018, 8:13pm

@BlackATTR what sites do you have for testing that fail with the current ren-c builds?

I know that https://discourse.org fails