On 09/27/2009 07:17 AM, Gregory Maxwell wrote: > On Sun, Sep 27, 2009 at 1:44 AM, Ken Dreyer <ktdreyer@xxxxxxxxxxxx> wrote: > >> I read the wiki page[1] on Fedora's effort to consolidate all the >> crypto libraries. Quite an ambitious task! FWN [2] reported on the >> rather large discussion back in '07, but I didn't see any resolution. >> Is this still a goal for Fedora? The main wiki page hasn't been edited >> in almost a year (although the scorecard is still being maintained). >> >> The reason I bring all of this up is that Server Name Indication has >> recently been implemented into httpd's mod_ssl, but SNI is not present >> in mod_nss[3]. If we abandon mod_ssl for mod_nss, we would lose this >> functionality. >> > [snip] > > Is this even a fair and reasonable goal unless the NSS upstream is > really interested in becoming a superset of the functionality offered > by the other crypto libraries? (I don't know for surethat NSS' goal > is not to— but I think thats unlikely. It's hard to even start a > comparison because NSS doesn't appear to have developer documentation > covering low level cryptographic functions) > That is basically the goal. For the most port NSS is already there, though there is stuff in NSS, like server side SNI which hasn't been implemented. > Is it reasonable when other package upstreams may not find the > licensing of NSS to be acceptable (i.e. an upstream which is 100% BSD > for it and all its dependencies), or would prefer not to use NSS for > stylistic reasons— Would fedora carry patches for these applications > in perpetuity? > Why would a 100% BSD package have problem with MPL? > It's not even clear to me what exactly some of these goals mean i.e. > "Get a cert using Firefox, use it in SSH" when ssh doesn't (normally) > use X.509 certificates. > This is actually a problem for some customers;). bob
<<attachment: smime.p7s>>
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
