Re: GnuTLS considered harmful
Andrew Bartlett <abartlet(a)samba.org> writes:
On Sat, 2008-02-16 at 14:44 -0800, Russ Allbery wrote:
> There are enough other reasons to use already-packaged software
and
> enough reasons to use Debian in preference to other distributions (for
> what we're doing at Stanford; I'm not interested in discussing that
> position with anyone on this list) that it was worth helping fund the
> development of the GnuTLS support. That support basically works,
> recommended or not, which is a better place than we were in before. I
> can only hope that it will get better in the future, or that some
> miracle will happen with either OpenSSL licensing or Debian's legal
> interpretation of copyright, none of which I have any real control
> over.
What would it take to create a third way here with Mozilla's NSS?
For my sanity in Samba4, I keep bugging those involved with NSS and
nss_compat_ossl to create a gnutls-like API to NSS. Some aspects of the
API I like, while other aspects of the GnuTLS implementation drive me
nuts - such as draining and blocking on /dev/random...
Development of a port to GnuTLS required changes on both sides, but wasn't
particularly expensive. I expect that a port to Mozilla's NSS wouldn't be
too much more difficult, although of course Howard would be the person to
ask for an estimate.
--
Russ Allbery (rra(a)stanford.edu) <http://www.eyrie.org/~eagle/>