On Sun, Sep 27, 2009 at 1:44 AM, Ken Dreyer <ktdreyer@xxxxxxxxxxxx> wrote:
> I read the wiki page[1] on Fedora's effort to consolidate all the
> crypto libraries. Quite an ambitious task! FWN [2] reported on the
> rather large discussion back in '07, but I didn't see any resolution.
> Is this still a goal for Fedora? The main wiki page hasn't been edited
> in almost a year (although the scorecard is still being maintained).
>
> The reason I bring all of this up is that Server Name Indication has
> recently been implemented into httpd's mod_ssl, but SNI is not present
> in mod_nss[3]. If we abandon mod_ssl for mod_nss, we would lose this
> functionality.

[snip]

Is this even a fair and reasonable goal unless the NSS upstream is
really interested in becoming a superset of the functionality offered
by the other crypto libraries? (I don't know for sure that NSS' goal is
not to— but I think that's unlikely. It's hard to even start a
comparison because NSS doesn't appear to have developer documentation
covering low level cryptographic functions)

Is it reasonable when other package upstreams may not find the
licensing of NSS to be acceptable (i.e. an upstream which is 100% BSD
for it and all its dependencies), or would prefer not to use NSS for
stylistic reasons— Would Fedora carry patches for these applications in
perpetuity?

It's not even clear to me what exactly some of these goals mean, i.e.
"Get a cert using Firefox, use it in SSH" when ssh doesn't (normally)
use X.509 certificates.

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list