[Freedombox-discuss] Freedombox CA
Simo
simo at samba.org
Thu Sep 12 22:18:57 UTC 2013
On Thu, 2013-09-12 at 16:51 -0400, Daniel Kahn Gillmor wrote:
> On 09/12/2013 04:40 PM, Simo wrote:
> > On Thu, 2013-09-12 at 15:13 +0100, keith at sd-kvm.me4.it wrote:
> >> Gnutls may be usable as an alternative to Openssl.
> >> It's already in Debian, new to me.
> >
> > What's wrong with OpenSSL that GNUTLS gets right?
>
> * Licensing that is not deliberately incompatible with the GPL.
Well, the licensing story of OpenSSL is complex, but it is not
deliberately incompatible as far as I know; the incompatibility is an
accident of history.
> * A sane and modern library API (granted, parts of OpenSSL have
> these features too; most projects are mired in the horror, though)
Hard for me to parse what you mean, but it is not like GnuTLS does not
have its flaws:
http://www.openldap.org/lists/openldap-devel/200802/msg00072.html
AFAIK this remains unchanged to date.
> * delegation of specific tasks to other libraries, rather than
> kitchen-sink agglomeration.
>
> There are probably other reasons.
Are you compiling a list on request because you have pet peeves?
I do not deny OpenSSL is not the best API you can get, but I thought we
were discussing the security of the library.
OpenSSL has got orders of magnitude more public scrutiny than GnuTLS, so
I tend to trust OpenSSL more from this point of view.
So do you have actual issues with the crypto implementation?
Simo.