Mailinglist Archive: opensuse-factory (422 mails)
Re: [opensuse-factory] crypto consolidation
- From: "Matt Sealey" <matt@xxxxxxxxxxxxxx>
- Date: Fri, 9 Jan 2009 13:00:10 -0600
- Message-id: <b5e2fc790901091100y2210de75me9f9cf4817db2922@xxxxxxxxxxxxxx>
On Sun, Jan 4, 2009 at 10:08 PM, Hubert Figuiere <hfiguiere@xxxxxxxxxx> wrote:
> On Sun, 2009-01-04 at 23:30 -0300, Cristian Rodríguez wrote:
>> Looks like openSSL is preferred by most projects though.
> openSSL is not compatible with the GPL.
I don't think licensing is the issue at hand.
The more prudent thing is, is it the best crypto solution available?
The answer is a resounding "it's the most POPULAR.." - not necessarily
the best. Like the Fedora page says, NSS got certification four times.
Count the number of times OpenSSL got it. NSS also has more features
:D
Now, if you have something like a consolidated cryptography toolkit
(CryptoKit if you will) then it may well be based on NSS and do all
its key generation, authentication, etc. and have as many great
features as possible (pam, smartcards, single keychain) - however it
would also, just like PackageKit does, hopefully bridge the gap
between all the OTHER cryptography suites. Apps could move to using
CryptoKit to secure a connection, and rely on a standard,
desktop-independent and distribution-independent cryptography suite.
Plus, it's not hard to make an OpenSSL workalike that simply wraps NSS
functionality. Or any of those libraries. Or in extreme cases, port an
app to NSS. Or have CryptoKit export all the keys to OpenSSL when they
get imported into NSS, and manage the transition. The idea is that
anything requiring credentials can rely on a standard backend like
CryptoKit, and securing network traffic between important apps can be
done using NSS (for instance zypper) through this single, abstracted
toolkit.
That's not to say that it isn't a huge overhaul, but damn it it's needed.
--
Matt Sealey <matt@xxxxxxxxxxxxxx>
Genesi, Manager, Developer Relations