
[Freedombox-discuss] Freedombox CA



On Thu, 2013-09-12 at 16:51 -0400, Daniel Kahn Gillmor wrote:
> On 09/12/2013 04:40 PM, Simo wrote:
> > On Thu, 2013-09-12 at 15:13 +0100, keith at sd-kvm.me4.it wrote:
> >> Gnutls may be usable as an alternative to Openssl.
> >> It's already in Debian, new to me.
> > 
> > What's wrong with OpenSSL that GNUTLS gets right ?
> 
>  * Licensing that is not deliberately incompatible with the GPL.

Well the licensing story of openssl is complex, but it is not
deliberately incompatible as far as I know, the incompatibility is an
accident of history.

>  * A sane and modern library API (granted, parts of OpenSSL have
> these features too; most projects are mired in the horror, though)

Hard for me to parse what you mean, but it is not like GnuTLS does not
have its flaws:
http://www.openldap.org/lists/openldap-devel/200802/msg00072.html

Afaik this remains unchanged to date.

>  * delegation of specific tasks to other libraries, rather than
> kitchen-sink agglomeration.
> 
> There are probably other reasons.

Are you compiling a list on request because you have pet peeves ?

I do not deny OpenSSL is not the best API you can get, but I thought we
were discussing the security of the library.

OpenSSL has got orders of magnitude more public scrutiny than gnutls so
I tend to trust OpenSSL more from this point of view.

So do you have actual issues with the crypto implementation ?

Simo.




