Re: GnuTLS considered harmful
Andrew Bartlett <firstname.lastname@example.org> writes:
> On Sat, 2008-02-16 at 14:44 -0800, Russ Allbery wrote:
>> There are enough other reasons to use already-packaged software and
>> enough reasons to use Debian in preference to other distributions (for
>> what we're doing at Stanford; I'm not interested in discussing that
>> position with anyone on this list) that it was worth helping fund the
>> development of the GnuTLS support. That support basically works,
>> recommended or not, which is a better place than we were in before. I
>> can only hope that it will get better in the future, or that some
>> miracle will happen with either OpenSSL licensing or Debian's legal
>> interpretation of copyright, none of which I have any real control
> What would it take to create a third way here with Mozilla's NSS?
> For my sanity in Samba4, I keep bugging those involved with NSS and
> nss_compat_ossl to create a gnutls-like API to NSS. Some aspects of the
> API I like, while other aspects of the GnuTLS implementation drive me
> nuts - such as draining and blocking on /dev/random...
Development of a port to GnuTLS required changes on both sides, but wasn't
particularly expensive. I expect that a port to Mozilla's NSS wouldn't be
too much more difficult, although of course Howard would be the person to
ask for an estimate.
Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>