On TLS-AUTHZ

The TLS-AUTHZ document (protocol spec here) describes a mechanism to add support for authorization in the TLS protocol. The idea is part of a patent application, see the patent notification to the IETF. The protocol has a complicated history in the IETF. Right now a third last call is open to request feedback from the community. I’ve written about TLS-AUTHZ before.

RedPhoneSecurity is now trying to circumvent the IETF standardization process by trying to get the document published as an ‘experimental standard’. The document earlier failed to get consensus for publication on the standards track.

The responsible IETF Area Director, Tim Polk, argues that because there exists independent implementations, the community benefits from having the document published. The argument is silly because the only independent implementation is mine and I’m opposed to publication of the standard. Further, the document will remain accessible to anyone in the community with access to the Internet since it has been published as an Internet Draft. To clarify that we have no interest in a standard with patent claims, we have decided to remove the tls-authz implementation from GnuTLS. Together with the FSF we came up with the following statement which is part of the GnuTLS 2.0.2 release announcement:

** TLS authorization support removed.
This technique may be patented in the future, and it is not of crucial importance for the Internet community. After deliberation we have concluded that the best thing we can do in this situation is to encourage society not to adopt this technique. We have decided to lead the way with our own actions.

If you are concerned about having patented standards adopted by the IETF, now is a very good time to make your voice heard! The last call ends on October 23th. Please read about the issue, and familiarize yourself with the IETF process (RFC 2026, with updates related to patents in RFC 3989) and send your feedback to ietf@ietf.org.

Home Audio Server

Procrastinating real work, I documented my home audio server setup. I needed a cross-platform solution, and as a first step, I settled with MPD. The setup is only a few days old, and I may decide to change software eventually. But the current setup works under Gnome, Windows, Mac OS X and even on my Nokia 6233.

Home Audio Server

What may be missing is FM/DAB Radio and streaming of TV, but I’m not sure the little NSLU2 is up to it. We’ll see.

The writeup on how to do this is long, so I put it at a separate page:
http://josefsson.org/grisslan/audio.html

(This is a continuation of my series to document the devices that run my home, the first was the internet setup).

GnuTLS v2.0

I released GnuTLS v2.0 yesterday, the announcement is available.

So now we can start thinking of nice stuff to have in the v2.1.x series. Integrating the PKCS#11 support is one. ECC support? TLS 1.2 may go into v2.0.x. Opaque PRF input support is planned. Some benchmarking and optimization could be interesting. Other ideas?

Building GnuTLS and GNU SASL without running ./configure

Sometimes it can be useful to build things without the autoconf ./configure machinery, and just use a simple and hand-maintained makefile and config.h. This is needed to build things in older uClinux environments. I wrote some instructions on how to build GnuTLS and GNU SASL, and their dependencies (libgpg-error, libgcrypt, libtasn1) without running ./configure, see:

http://josefsson.org/uclinux/old/

The makefile/config.h aren’t specific to uClinux, so if you for some reason need to build these projects in some other environment, without autoconf, the files may be useful.

(Although if you want to build GnuTLS/GSASL properly under a modern uClinux, you’ll be better of reading an earlier post.)

1 TeraByte

The timing of an article about the Hitachi 1TB disk (linked via a slashdot post) and the disk situation on my home server was too good to be missed. Hence this.

dopio:~# df -h|tail -3
/dev/sda1             917G  200M  871G   1% /big
/dev/sdb1             276G  248G   14G  95% /data
/dev/sdc1             276G  264G     0 100% /backup
dopio:~# 

Oh, and not to be missed: the PopSci explanation of Perpendicular technology.