crypto consolidation status?
Robert Relyea
rrelyea at redhat.com
Mon Sep 28 22:12:33 UTC 2009
On 09/26/2009 10:44 PM, Ken Dreyer wrote:
> I read the wiki page[1] on Fedora's effort to consolidate all the
> crypto libraries. Quite an ambitious task! FWN [2] reported on the
> rather large discussion back in '07, but I didn't see any resolution.
> Is this still a goal for Fedora? The main wiki page hasn't been edited
> in almost a year (although the scorecard is still being maintained).
>
It's on-going. Right now we are focused on 2 things:
1) Trying to remove the impediments for applications to go to NSS (as
much as is practical).
2) Moving most of core applications we need to NSS.
Dictating moves of upstream projects is not helpful. Finding those
things that prevent upstreams from at least using NSS as an option are.
We've been most successful when we provide upstream patches which allow
them to build for their choice of crypto toolkits.
> The reason I bring all of this up is that Server Name Indication has
> recently been implemented into httpd's mod_ssl, but SNI is not present
> in mod_nss[3]. If we abandon mod_ssl for mod_nss, we would lose this
> functionality.
>
Currently there are also a half dozen features in mod_nss that aren't in
mod_ssl. SNI is definately something that would be welcomed in NSS, and
would probably be implemented by the NSS team itself if it's not
contributed first;), particularly if it got added to the list of
impediments.
bob
> - Ken
>
> [1] https://fedoraproject.org/wiki/FedoraCryptoConsolidation
> [2] https://fedoraproject.org/wiki/FWN/Issue107#Crypto_Consolidation
> [3] https://bugzilla.mozilla.org/show_bug.cgi?id=360421
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3420 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20090928/ec7a85a9/attachment.p7s>
More information about the fedora-devel-list
mailing list