id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc
219	Use NaCl/Curve25519 for Tub authentication	str4d		"The current TubID system uses the `.startTLS()` method of the TCP for authenticating Tubs and securing connections. But with #203 on the horizon, foolscap will support endpoints that do not have (or need) `.startTLS()`, because they have their own encryption (I2P/Tor). Attempting to use the existing SSL TubIDs over these transports will require considerable heroics. Some FURLs may also contain multiple endpoints, and these should authenticate with the same TubID / public key regardless of transport.

At RWC2014 warner suggested moving to !NaCl crypto instead of SSL. This has the advantage of making Tub authentication independent of the transport used.

Legacy SSL TubIDs would still be supported, but only tcp location hints would be considered. The following table shows how location hints would be supported.

|| ||||||= Location Hint =||
||= TubID =|| tcp || i2p || tor ||
|| SSL || yes |||| no (unless heroics) ||
|| !NaCl |||||| uniform auth, aware of which transport is being used ||"	enhancement	new	major	undecided	negotiation	0.6.4