On Sat, 19 Jul 2014 16:35, Cristian Rodríguez <crrodriguez@...> wrote:
El 19/07/14 08:45, Johannes Kastl escribió:
On 18.07.14 10:29 Jan Engelhardt wrote:
tl;dr: libressl makes a lot of people sleep better at night. ;)
+1 for giving people the choice between different SSL-implementations.
This is exactly we must not do, we must focus on providing ONE working solution and not many half-backed ones.
@Cristian: please give proof of your expertise in crypto algoritms and high-security programming before spamming such a reply. OpenSSL has been aroung for a long time now, and has not had a fundamental code reordering and adaption to modern needs in the last ten years. Cruft in the code? Oh yes! Just looking at it gives me back the feeling of 1995, again. Most of the newer security needs is addressed as just tagged on code. A rewrite, function for function is a dire need. I see LibreSSL as a first step to providing a 'drop in' replacement. Either the guys from OpenSSL get their ass in gear, or they will drop to further run. Nothing against a fully working solution. But prof on the 'fully working' is now, - after heartbleed and the debacles before that,- much more needed then before. Would Intel produce processors as good as they are now without the pressure of AMD as competitor? I do not think so. Was/Is the rivality between AMD and Intel good for the customers? Mostly yes, but there where fringes. That is live. Monoculture will kill it self. History has proven that. (How many text-editors are in OSS? Think!) - Yamaban.