
On Sat, Jul 19, 2014 at 12:59 PM, Yamaban <foerster@lisas.de> wrote:
On Sat, 19 Jul 2014 16:35, Cristian Rodríguez <crrodriguez@...> wrote:
On 19/07/14 08:45, Johannes Kastl wrote:
On 18.07.14 10:29 Jan Engelhardt wrote:
tl;dr: libressl makes a lot of people sleep better at night. ;)
+1 for giving people the choice between different SSL-implementations.
This is exactly what we must not do, we must focus on providing ONE working solution and not many half-baked ones.
@Cristian: please give proof of your expertise in crypto algorithms and high-security programming before spamming such a reply.
OpenSSL has been around for a long time now, and has not had a fundamental code reordering and adaption to modern needs in the last ten years.
It's quite clear you don't have such a security background, because if you had, you would know that you don't touch security-critical code just to reorder it. You leave it alone unless there's proof that what you're doing fixes things, and not the opposite. Mere reordering, mere optimization can be a security issue (read about somewhat recent issues with ssh's rng caused by a "small optimization").
Cruft in the code? Oh yes! Just looking at it gives me back the feeling of 1995, again.
Most of the newer security needs are addressed as just tagged on code. A rewrite, function for function is a dire need.
Certainly not. You don't do that with security-critical code. Code like this needs heavy auditing and years of field testing, you just don't throw away all that field testing for a pointless rewrite.
I see LibreSSL as a first step to providing a 'drop in' replacement.
Which is what I see LibreSSL as. A pointless rewrite.
Nothing against a fully working solution. But proof of the 'fully working' is now, after heartbleed and the debacles before that, much more needed than before.
Remember, heartbleed was caused by light-minded modifications, which is the kind LibreSSL is doing now, only in bulk. But with time, this rewrite may be good enough. With time. Not now.
That said, I do have some experience in security, and even though I don't think LibreSSL is good for real use right now, I see it as a good thing to provide it for those that want to test it. Without it, it may take it longer to be field-tested enough to consider as a reasonable replacement. I just wouldn't make it default by any means.