From: Marcel Moolenaar
Date: Fri, 10 Dec 2004 23:54:53 -0800
To: Colin Percival
cc: freebsd-arch@freebsd.org
Subject: Re: Adding standalone RSA code

On Dec 10, 2004, at 7:39 PM, Colin Percival wrote:

> I'm not quite sure I understand what you're saying here. The entire point
> of this discussion is that bringing my RSA code into the base system is an
> obvious first step towards bringing FreeBSD Update into the base system,
> which is something I've been asked countless times (by both committers and
> users) to do.

I may have missed this, but can openssl(1) be used at all or do you need functionality not present in openssl(1)?

The reason I ask is that arguments about security issues, code size and performance are mostly second order and highly subjective. I recall you mentioned that using openssl(1) resulted in a "large" binary and gave a size that's simply not worth the fuss if you ask me (it was less than .5MB -- I don't even care if there's an error margin of 50%, it's not worth my consideration. YMMV).

My point is that if you can use openssl(1), do so. Import FreeBSD update and make it work on all platforms. If there's a genuine need, backed by requests that openssl(1) should be replaced because it has some negative characteristics that hamper development, usability or whatever, then (and only then) can we meaningfully discuss and argue whether such replacement is worth it. At this time I don't see a need at all. I do see a need to have FreeBSD update work on all platforms and that would be my first requirement for putting FreeBSD update in the base system.

My 0.02 smurfs,

--
Marcel Moolenaar USPA: A-39004 marcel@xcllnt.net