Re: Bug#693310: ITP: spiped -- create secure pipes between socket addresses



On Thu, Nov 15, 2012 at 09:12:53PM +0800, Paul Wise wrote:
> On Thu, Nov 15, 2012 at 8:18 PM, Peter Pentchev wrote:
> 
> >   Description     : create secure pipes between socket addresses
> >
> > spiped (pronounced "ess-pipe-dee") is a utility for creating symmetrically
> > encrypted and authenticated pipes between socket addresses, so that one may
> > connect to one address (e.g., a UNIX socket on localhost) and transparently
> > have a connection established to another address (e.g., a UNIX socket on a
> > different system).  This is similar to 'ssh -L' functionality, but does not
> > use SSH and requires a pre-shared symmetric key.
> >
> > spipe (pronounced "ess-pipe") is a utility which acts as an spiped protocol
> > client (i.e., connects to an spiped daemon), taking input from the standard
> > input and writing data read back to the standard output.
> 
> Sounds similar to socat, which can connect endpoints (including SSL ones).
> 
> stunnel is similar too.

Thanks for your comments!

I am familiar with Stunnel (I maintained the FreeBSD port for several
years), and I have indeed examined the Swiss army knife that is socat,
too.  IMHO the advantages of spiped lie in its simplicity, its lean and
mean design for doing just one thing and doing it well (and yes, I am
quite aware that this is pretty much exactly how socat started Way Back
When :)) and its speed.  It does not attempt to start a full-blown
OpenSSL session, it uses just symmetric cryptography with a preshared
key (and an optional, on by default, Diffie-Hellman session key
exchange) for robust, high-load client-server connections (as witnessed
by its origin in the Tarsnap project).

I personally think that it would be a useful alternative to have in
Debian; of course, if people's opinion leans the other way, I would be
prepared to withdraw the ITP.

G'luck,
Peter


-- 
Peter Pentchev	roam@ringlet.net roam@FreeBSD.org peter@packetscale.com
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13
If you think this sentence is confusing, then change one pig.
