Message-ID: <3D498FB4.6987B696@mindspring.com>
Date: Thu, 01 Aug 2002 12:44:52 -0700
From: Terry Lambert
To: Mikhail Teterin
Cc: Alexandr Kovalenko, Jacques Vidrine, arch@FreeBSD.ORG
Subject: Re: OpenSSL vs. -lmd

Mikhail Teterin wrote:
> Do we still need the separate message digest library -lmd? I used to
> prefer it myself, but all of the digests are now available in OpenSSL,
> which is likely to be present on more systems AND is optimized in
> assembler...

Inclusion of OpenSSL in FreeBSD was probably a mistake, since it was not brought in on a vendor branch, and is so mixed up in various code that it's hard to keep up with changes for security updates.

As a matter of general principle, it seems to me that MD5 and friends are unlikely to ever change functionally, whereas the other things that come with the package can change rather frequently, since they speak to policy.

Consider that it is very hard to use an updated OpenSSL (e.g. 0.9.7-Beta or 0.9.6e) with FreeBSD these days. Also consider that it's hard to build a project whose code is independent of FreeBSD itself, with all these interfaces in the base OS by default.

My recommendation is to keep the "md" library. It satisfies the "mechanism, not policy" philosophy in a way that OpenSSL does not.

-- Terry