Wow. I just noticed that it’s been 2 months since I posted news of any kind about my favorite project ever. My apologies to all of you who have wondered if something was wrong. Real Life has taken hold for a time, and with some possible changes in that area on the horizon, it may be a couple or three months before the dust settles.
Although checking my GitHub profile heat map might make you think that it’s been nothing but crickets for most of November, this is more on how GitHub shows activity than anything. I finished the pymensago code which checks for DNSSEC support for a server and validates the records. This begins to pave the way for external delivery and a complete client-side keycard resolver. Client sync and update handling made more progress. Most recent work has come in the form of a new messaging stack: Oganesson.
Oganesson is a network-layer messaging framework — if you’re not a developer you can completely skip this section and not miss a thing. 😎 I began writing it initially for a side project of my own inspired by some system administrator needs at work. After discovering that there were some growing limitations in Mensago’s current message architecture, I decided to update refactor Oganesson so that it could work well for both projects. Figuring out the right tweaks to make has been the hard part, and that part is done now. Development currently focuses on implementing a few different types of session encryption.
I’m sure I can hear some of you saying, “Don’t design your own crypto!” and you’d be right. I’m not, and I’m being quite careful with what I am doing. In short, there will be two different types of encrypted sessions: TLS, and something I’m calling OgSEC. The first most people are pretty familiar with, and Oganesson will allow a developer to create encrypted sessions which require identity checking and ones that don’t. The difference is the first time a client connects it can throw a hissyfit if the server’s TLS certificate doesn’t validate, or it can just Trust On First Use. There are valid reasons for both. OgSEC is inspired by CurveZMQ and CurveCP. It sets up encryption without needing certificates and uses DNSSEC for identity-checking. In short, you don’t have to mess with a certificate authority if you don’t want to.
Where To From Here
Development will continue to focus on finishing up encryption in Oganesson and then updating Mensago to use it. This very well could take a while, but it will be worth it in the end. The goal is for software on the Mensago platform to be easy for system administrators to manage, simple enough for regular people that they forget the software and focus on the task at hand, and secure so that everyone can be safe.