From: "Ryan Sommers"
To: "Mark Murray"
cc: Colin Percival
cc: freebsd-arch@freebsd.org
Date: Fri, 10 Dec 2004 15:31:22 -0700 (MST)
Subject: Re: Adding standalone RSA code
Message-ID: <49534.208.4.77.66.1102717882.squirrel@208.4.77.66>
In-Reply-To: <200412101755.iBAHt55A090986@grovel.grondar.org>
References: <41B9D586.5070403@wadham.ox.ac.uk> <200412101755.iBAHt55A090986@grovel.grondar.org>
List-Id: Discussion related to FreeBSD architecture

Mark Murray said:
> Colin Percival writes:
>> > Is size really a concern?
>>
>> No. The size is a side-effect of having a minimal, highly secure,
>> library, and was not a design consideration.
>
> "New" very often means "Insecure". I'd rather see something with lots
> of eyes over it, and OpenSSL has the advantage of having quite a few
> competent crypto guys grovel through it.
>
> I'm still inclined to say "Please stick with OpenSSL; it is the devil
> we know."

I have to say I'm with Mark and das@ (I believe it was). As good as smaller and more efficient sounds, when it comes to crypto libraries I'd rather stick with OpenSSL. It's definitely a lot more source code; however, as stated above, it has quite a few more eyes on it as well. With more people working on OpenSSL and auditing it, I feel more comfortable with a large developer base familiar with the same code should an issue crop up. What happens if, during a lapse of ENOTIME for you, a bug comes up with the library and exposes a severe security flaw for an application making use of it?

--
Ryan Sommers
ryans@gamersimpact.com