From: Ben Laurie
Date: Fri, 27 Oct 2017 21:20:13 +0100
Subject: Re: Crypto overhaul
To: Poul-Henning Kamp
Cc: Eric McCorkle, "freebsd-security@freebsd.org security", "freebsd-hackers@freebsd.org", "freebsd-arch@freebsd.org"
List-Id: Discussion related to FreeBSD architecture

On 27 October 2017 at 20:24, Poul-Henning Kamp wrote:
> --------
> In message
> , Ben Laurie writes:
>
>>OpenSSL includes (and is used for) lots of crypto that is not used in
>>SSL - since BearSSL targets SSL/TLS only, it can't, presumably, be
>>used to replace all uses of OpenSSL.
>
> Which implicitly raises the question if we really need all the
> boatloads of crap OpenSSL drags in, or if we would be in a better
> position with something simpler and saner ?

Indeed it does. Perhaps worth noting that since it was staffed,
OpenSSL has removed a fair amount of crap, BTW.

Anyway, to answer that question will presumably require someone to
either try it, or figure out what is actually needed, crypto-wise.

>
> --
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.