Date:      Sun, 29 Oct 2017 13:46:33 +0000
From:      bf <bf1783@gmail.com>
To:        Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc:        Eric McCorkle <eric@metricspace.net>, Benjamin Kaduk <bjk@freebsd.org>,  "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>, Ben Laurie <ben@links.org>,  "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>,  "freebsd-security@freebsd.org security" <freebsd-security@freebsd.org>
Subject:   Re: Crypto overhaul
Message-ID:  <CAGFTUwNzRiz4ifuPr6RWemPUAnZv-bMDaLag5HXgUxhw0-Hs4g@mail.gmail.com>
In-Reply-To: <28039.1509260726@critter.freebsd.dk>
References:  <dc08792a-3215-611c-eb9f-4936a0d621f9@metricspace.net> <CAG5KPzws=jmF2wLeEAz8Lzn7Ugude=0w5neoQjeDjYnGtJpS9Q@mail.gmail.com> <13959.1509132270@critter.freebsd.dk> <CAG5KPzxGtAwV-svCv24FbZtLvxKCwX7OSyb2pPaTc63EUmFFGA@mail.gmail.com> <20171028022557.GE96685@kduck.kaduk.org> <23376.1509177812@critter.freebsd.dk> <20171028123132.GF96685@kduck.kaduk.org> <24228.1509196559@critter.freebsd.dk> <df46aaa5-13a9-2fc6-bcd2-d57d792800eb@metricspace.net> <28039.1509260726@critter.freebsd.dk>

On 10/29/17, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> --------
> In message <df46aaa5-13a9-2fc6-bcd2-d57d792800eb@metricspace.net>,
> Eric McCorkle writes:
>>On 10/28/2017 09:15, Poul-Henning Kamp wrote:
>>> --------
>>> In message <20171028123132.GF96685@kduck.kaduk.org>,
>>> Benjamin Kaduk writes:
>>>
>>>> I would say that the 1.1.x series is less bad, especially on the
>>>> last count, but don't know how much you've looked at the
>>>> differences in the new branch.
>>>
>>> While "less bad" is certainly a laudable goal for OpenSSL, I hope
>>> FreeBSD has higher ambitions.
>>>
>>
>>I'm curious about your thoughts on LibreSSL as a possible option.
>
> It retains the horrible APIs, so the potential improvement is finite.
>



OpenBSD started the task of making OpenSSL easier to use by adding
things like libtls (see https://man.openbsd.org/tls_init) on top of
their backwards-compatible libssl.  There are similar efforts in other
libraries like NaCl and its forks, such as libsodium
(cf. https://nacl.cr.yp.to/features.html and
https://www.gitbook.com/book/jedisct1/libsodium/details).  Are these
the kind of changes you are suggesting?

Regards,
                   b.f.


