Re: libnss consolidation (was: Re: X.509 and CA certificates for other purposes (i.e. the IGTF))

Le 10 juin 2013 07:06, "Florian Weimer" a écrit : > > * Bastien ROUCARIES: > > > Maybe crypto consolidation arround libnss will greatly help here. > > jessie release goal ? > > NSS has lots of global state, and its proper initialization from > another library is difficult. Could you give some poi

libnss consolidation (was: Re: X.509 and CA certificates for other purposes (i.e. the IGTF))

* Bastien ROUCARIES: > Maybe crypto consolidation arround libnss will greatly help here. > jessie release goal ? NSS has lots of global state, and its proper initialization from another library is difficult. Switching over to it is probably doable, but it's not really straightforward. On the ot

Re: libnss consolidation

Brian May writes: > On 31 May 2013 20:19, Bastien ROUCARIES wrote: > >> Gnutls is really crappy about suid >> see http://lists.debian.org/debian-devel/2010/03/msg00298.html > > > 2+ years later or 2 Debian releases later, I would have hoped these issues > would be, somehow, magically, fixed by n

Re: libnss consolidation (was: X.509 and CA certificates for other purposes (i.e. the IGTF))

On Fri, May 31, 2013 at 12:19:27PM +0200, Bastien ROUCARIES wrote: > On Fri, May 31, 2013 at 4:42 AM, brian m. carlson > wrote: > > NSS does not support TLS 1.2. Since RC4 is not used securely in TLS, > > and the only other choice in TLS 1.1 and earlier is block ciphers with > > CBC, this means t

Re: libnss consolidation (was: X.509 and CA certificates for other purposes (i.e. the IGTF))

On 31 May 2013 20:19, Bastien ROUCARIES wrote: > Gnutls is really crappy about suid > see http://lists.debian.org/debian-devel/2010/03/msg00298.html 2+ years later or 2 Debian releases later, I would have hoped these issues would be, somehow, magically, fixed by now :-( Basically makes libpam-

Re: libnss consolidation (was: X.509 and CA certificates for other purposes (i.e. the IGTF))

On Fri, May 31, 2013 at 4:42 AM, brian m. carlson wrote: > On Thu, May 30, 2013 at 04:04:47PM +0200, Bastien ROUCARIES wrote: >> > Cons: >> > >> > - not all crypto libraries are equivalent; choosing one will exclude >> > some functionality provided by others >> >> SEE compat layer >> > - we someho

Re: libnss consolidation (was: X.509 and CA certificates for other purposes (i.e. the IGTF))

On Thu, May 30, 2013 at 04:04:47PM +0200, Bastien ROUCARIES wrote: > > Cons: > > > > - not all crypto libraries are equivalent; choosing one will exclude > > some functionality provided by others > > SEE compat layer > > - we somehow have to deal with legacy systems that can't convert > > - adopti

Re: libnss consolidation (was: X.509 and CA certificates for other purposes (i.e. the IGTF))

Le 30 mai 2013 14:08, "Dennis van Dok" a écrit : > > On 30-05-13 13:16, Bastien ROUCARIES wrote: > > > Using only one lib for crypto (libnss) will allow to use only one > > trust certificate format > > 'Allow only one' doesn't immediately strike me as beneficial, but I see > what you mean. The dis

Re: libnss consolidation (was: X.509 and CA certificates for other purposes (i.e. the IGTF))

On 30-05-13 13:16, Bastien ROUCARIES wrote: > Using only one lib for crypto (libnss) will allow to use only one > trust certificate format 'Allow only one' doesn't immediately strike me as beneficial, but I see what you mean. The discussion is similar to others (such as about which init system to