Qt-contributors-summit-2013-Qt Network CS 2013: Difference between revisions

From Qt Wiki
=Qt Network Session – Qt Contributors Summit 2013=


==Talking Points==
* Option to add random padding to https requests. This makes us more resistant to the various https attacks that have been floating around.
** X-Qt-Padding: some noise of varying length
** Recommendation 3 from http://www.isg.rhul.ac.uk/tls/RC4biases.pdf
* Who is working on the stack?
* What’s up with the constant failing tests in the CI, and how can we fix the situation?
* Support for Diffie-Hellman ciphers
* Support for redirects
* Pause on connect
* Performance
* Peter’s Chromium QNAM port
* Automatic fallback support
* Certificate store API / Caching intermediates
* OCSP support
* Replacing the QNAM disk cache
* HTTP 2.0 / SPDY support
* Web sockets
* Enginio and Qt network
* Webkit2 and custom QNetworkAccessManagers
Off topic, but related:
* PBKDF2 / BCrypt support (QtCore really)
* Should we warn if running as root? If running suid?
Notes by Thiago:
* DH key exchange
** no public API
** easy to implement, hard to test
* OCSP
** adds latency: needs to query the OCSP server
** Richard implemented one year ago
** still works, but hasn’t worked on it in a while
** enabled by default
** QSslSocket level
* Certificate store:
** storing intermediate certs from broken servers that don’t return the whole chain
** browsers do that to work around issues in the wild
** adds security
** certificates are not trusted, so they don’t add a new security attack vector
** virtual QSslCertificate QAbstractSslCertificateStore::certificateForId(QSslCertificateId)
* QNAM redirects
** discussed in the DD Contributor Day
** vector for insecurity (users do it wrong)
** should be configurable
** we don’t need to fix this for the browser case → they already have the code
** we need it only for the simple application cases
** allow redirect from HTTP to HTTPS, allow within-protocol
** could work with pausing
** readyRead & metaDataChanged from the final, sslErrors per connection
* Pause on connect:
** Already discussed, implementation challenges and details known
** Work is missing (Peter doesn’t have time)
* Performance: latency problems
** Helped by the pre-connect
* Replacing QNAM port:
** With Blink:
*** difficult, it’s too big for QtNetwork
*** no guarantee that we’ll get a “library” interface
** libcurl:
*** they’re behind us
* SPDY / HTTP/2.0:
** HTTP/2.0 adopted SPDY 3.0’s transport format
*** we can start supporting SPDY to get on our way to HTTP/2.0
** libcurl has started
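
The redirect rule from the QNAM redirects notes (allow HTTP to HTTPS, allow within-protocol), sketched as an added example in plain standard C++. It is not Qt API and not code from the session: all names are hypothetical, and the redirect limit and loop check are assumptions that go beyond what the notes list.

```cpp
#include <algorithm>
#include <cctype>
#include <cstddef>
#include <string>
#include <vector>

// Hypothetical names throughout; none of this is Qt API.
enum class RedirectVerdict { Follow, RejectDowngrade, RejectScheme, RejectLoop, RejectTooMany };

// Lower-cased scheme of an absolute URL, or "" if there is none.
static std::string schemeOf(const std::string &url) {
    const auto pos = url.find("://");
    if (pos == std::string::npos) return "";
    std::string s = url.substr(0, pos);
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// `chain` holds the original request URL followed by every redirect already
// taken; `target` is the Location value, assumed already resolved to an
// absolute URL. Allowed: http->http, https->https, http->https.
RedirectVerdict checkRedirect(const std::vector<std::string> &chain,
                              const std::string &target,
                              std::size_t maxRedirects = 5) {
    if (chain.empty()) return RedirectVerdict::RejectScheme;
    const std::string from = schemeOf(chain.back());
    const std::string to = schemeOf(target);
    // Only web schemes are followed; anything else is refused outright.
    if (to != "http" && to != "https") return RedirectVerdict::RejectScheme;
    // Never silently drop from an encrypted to a cleartext connection.
    if (from == "https" && to == "http") return RedirectVerdict::RejectDowngrade;
    // Assumption: an exact repeat of an earlier URL is treated as a loop.
    if (std::find(chain.begin(), chain.end(), target) != chain.end())
        return RedirectVerdict::RejectLoop;
    // chain.size() - 1 redirects have been followed so far.
    if (chain.size() > maxRedirects) return RedirectVerdict::RejectTooMany;
    return RedirectVerdict::Follow;
}
```
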

Revision as of 13:59, 24 February 2015