On 4/30/17 11:51 PM, James wrote:
> I think we want standard TLS. I know enough about cryptography to
> know that I really don't want to roll my own. So I guess OpenSSL is
> what we'll use but then, maybe, something else for local file
> cryptography and signing. We might even use OpenPGP as a helper
> application.

TLS for data in motion plus PGP for data at rest sounds like a fine choice. One very big win over NaCl/libsodium based solutions is that you have a mature story for key and certificate management.

You might consider libressl instead of openssl:

"LibreSSL is a version of the TLS/crypto stack forked from OpenSSL in 2014, with goals of modernizing the codebase, improving security, and applying best practice development processes. Primary development occurs inside the OpenBSD source tree with the usual care the project is known for."

Cheers,
Tony