Hi,<div><br></div><div>I'm happy to announce the first release of secure-sockets, a library which aims to simplify the task of communicating securely between two authenticated peers.</div><div><br></div><div><div><div>
--------------------------------------------</div><div>-- What it is</div><div>--------------------------------------------</div></div></div><div><br></div><div>The API mimicks that of Network.Socket, and introduces the additional notion of peer identity, which is distinct from the endpoint address (host and port). Connections can only be established between two peers who know and expect to be communicating with each other.</div>
<div><br></div><div>Transport security is implicitly taken care of: an established Network.Secure.Connection implies that each end of the connection successfully authenticated to the other, and that they have setup strong encryption for your data.</div>
<div><br></div><div><div><div>--------------------------------------------</div><div>-- What it isn't</div><div>--------------------------------------------</div></div></div><div><br></div><div>The library leans towards the "zero configuration" end of the spectrum, and basically Just Works. This means that if you know exactly what you want and need for the cipher, authentication algorithm, key type and length, key exchange protocol, HMAC algorithm, rekeying intervals, random number source... Then secure-sockets is not for you.</div>
<div><br></div><div>If on the other hand you just want to replace your current cleartext "cipher" and faith-based "authentication" code with something that gives you a good chance of being secure (see caveats in docs), without diving into the rich madness that is full blown SSL, then you might want to take a look.</div>
<div><br></div><div>This library assumes that both ends of a connection are using it. The goal of secure-sockets is not to allow you to connect to any SSL-enabled server, or to speak a particular standard flavor of authentication protocol. Internally, secure-sockets uses SSL to achieve its goals, so you might get lucky if you do it just right, but that is an implementation detail. The library is designed to help you easily secure communications between two programs whose implementation you control, not between you and anything out there.</div>
<div><br></div><div><div>--------------------------------------------</div><div>-- Links</div><div>--------------------------------------------</div></div><div><br></div><div>Homepage: <a href="http://secure-hs.googlecode.com/">http://secure-hs.googlecode.com/</a></div>
<div><br></div><div>Hackage page: <a href="http://hackage.haskell.org/package/secure-sockets">http://hackage.haskell.org/package/secure-sockets</a></div><div><br></div><div>Bug tracker: <a href="http://code.google.com/p/secure-hs/issues/list">http://code.google.com/p/secure-hs/issues/list</a></div>
<div><br></div><div>Code repository: <a href="https://secure-hs.googlecode.com/hg">https://secure-hs.googlecode.com/hg</a></div><div><br></div><div><div>--------------------------------------------</div><div>-- Thanks</div>
<div>--------------------------------------------</div></div><div><br></div><div>I'd like to thank my employer, Google. Not only did they not get mad at the idea that I might want to hack on Haskell during working hours (as my "20% project"), they also made it very painless for me to open source this code when the time came.</div>
<div><br></div><div><div><div>--------------------------------------------</div><div>-- Questions?</div><div>--------------------------------------------</div></div></div><div><br></div><div>Questions, comments, suggestions and patches can be filed in the issue tracker, emailed directly to me, or thrown out on haskell-cafe.</div>
<div><br></div><div>Hope you find this code useful!</div><div>- Dave</div>