[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [DotGNU]Encryption protocols

From: Chris Smith
Subject: Re: [DotGNU]Encryption protocols
Date: Sat, 15 Mar 2003 00:30:38 +0000
User-agent: KMail/1.4.3

On Tuesday 11 Mar 2003 22:00, Norbert Bollow wrote:
> I think with "fairly compatible", Chris means "GPL-incompatible in a
> manner that can be worked around with a linking exception."

Yep. Basically, but I was also (badly) trying to raise the following:

> In any case, the GNU libs, libgcrypt and GNU TLS should be the
> default, simply because they're part of GNU, and if there should
> be a serious problem with either of them, we should contribute
> to fixing the problem rather than choosing a different default.

Which was the drift of my post.  We should at least support openSSL but not 
release code that _relies_ on it.  That would be a no-no as Stephen quite 
correctly points out it's not GPL friendly as far as we're concerned (from a 
moral standpoint if nothing else!).  However the end user deploying a system 
for their own use may draw some comfort from being able to use openSSL, being 
the mature respected package it is.  It's one of those bits of licence-free 
software that is accepted in the commercial world, and in the area of 
security of all places!!

> However, of course when there are Free Software libs which are as
> popular as OpenSSL we want to make it easy (e.g. with a configure
> option) for people to link with OpenSSL instead of the default.

Exactly why I was suggesting that we implement the encryption layer(s) through 
an abstraction layer to detatch the details of the chosen encryption toolkit 
from the dotGNU 'proper' layer.  (Kind of like DBI, DBD database abstraction 
in Perl).  That way multiple encryption toolkits can be supported beneith a 
common interface.

This is of course ideally...... I know only too well the problems and 
headaches this approach brings....  but does tend to benifit things in the 
long run.  If only we had the power of hindsight right now. Probably will 
never happen.  Just thought I'd mention it anyway.

'nuf said :o)


Chris Smith
  Technical Architect - netFluid Technology Ltd.
  "Internet Technologies, Distributed Systems and Tuxedo Consultancy"
  E: address@hidden  W:

reply via email to

[Prev in Thread] Current Thread [Next in Thread]