From: "David O'Brien"
To: Colin Percival
Cc: freebsd-arch@freebsd.org
Date: Fri, 10 Dec 2004 18:05:18 -0800
Subject: Re: Adding standalone RSA code

On Thu, Dec 09, 2004 at 08:58:27PM -0800, Colin Percival wrote:
> I'd like to add a new library for lightweight barebones RSA
> computations, and associated commandline rsa-makekey, rsa-sign,
> and rsa-verify utilities.
..
> Any objections?

Without a stronger justification than what was given in this thread, I
have to side with Mark Murray and David Schultz.

While your library may be perfect for your FreeBSD Update, I fear it may
become the /usr/src fad to use your library over OpenSSL, even in cases
where speed and HW support are important. I am also concerned about a
future found security problem that you are ETOOBUSY to deal with and
someone else totally unfamiliar with the code has to deal with it.

At the moment, I think your library code should just be part of your
FreeBSD Update code if you find you simply cannot use OpenSSL. Or make
your library a port in which only a static library is provided.

--
-- David (obrien@FreeBSD.org)