[TLS] multiple clients in one process (was: Re: Deployment ... Re: This working group has failed)

Patrick Pelletier <code@funwithsoftware.org> Wed, 20 November 2013 05:06 UTC

Message-ID: <528C4332.9060806@funwithsoftware.org>
Date: Tue, 19 Nov 2013 21:05:54 -0800
From: Patrick Pelletier <code@funwithsoftware.org>
To: Andy Lutomirski <luto@amacapital.net>, Zooko Wilcox-OHearn <zooko@leastauthority.com>, tls@ietf.org, GnuTLS development list <gnutls-devel@lists.gnutls.org>
References: <CACsn0c=i2NX2CZ=Md2X+WM=RM8jAysaenz6oCxmoPt+LC5wvjA@mail.gmail.com> <52874576.9000708@gmx.net> <CAPMEXDbgp5+Gg6mkMWNrcOzmAbSpv3kjftGV0cjpqvMnRxpw=A@mail.gmail.com> <44D7624E-75D8-47D3-93BF-97427206E800@iki.fi> <CACsn0c=9GrO21ECZczB2zft3bVODcc=1ZRp3pG22c-rrDfTPXQ@mail.gmail.com> <2A0EFB9C05D0164E98F19BB0AF3708C711DAEEE373@USMBX1.msg.corp.akamai.com> <528AD194.9060003@amacapital.net> <528AD326.8080908@kirils.com> <CAM_a8Jy_x-qZFdpxsLMnFjuYeAJBwqNqQLrnsAcf05GU5PuJfw@mail.gmail.com> <528BBD84.60700@amacapital.net>
In-Reply-To: <528BBD84.60700@amacapital.net>
Subject: [TLS] multiple clients in one process (was: Re: Deployment ... Re: This working group has failed)

On 11/19/13, 11:35 AM, Andy Lutomirski wrote:

>   - Support multiple clients in the same process linked against the same
> library without causing those clients to interfere with each other
> (hello, GnuTLS).

What's the issue that GnuTLS has with this?  I'm more familiar with the 
issue OpenSSL has, namely that it requires threading callbacks to be 
set, so each client in the same process is going to be stomping on the 
same set of global callbacks.  I'd thought GnuTLS was better about 
global state, but maybe there's something I've missed.

Also, I thought Botan wasn't good on this point either, since it 
requires a LibraryInitializer object to be created, and (I thought) it 
doesn't support more than one LibraryInitializer existing at once.

--Patrick