From: David Boreham <david_list(at)boreham(dot)org>
To: Martijn van Oosterhout <kleptog(at)svana(dot)org>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>,
Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>,
pgsql-hackers(at)postgresql(dot)org, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>,
mark(at)mark(dot)mielke(dot)cc, Mark Kirkwood <markir(at)paradise(dot)net(dot)nz>
Subject: Re: TODO: GNU TLS
Date: 2007-01-02 20:52:45
Message-ID: 459AC61D.6070905@boreham.org
Lists:
pgsql-hackers
Martijn van Oosterhout wrote:
>- Thread safety (GnuTLS is thread-safe by design, no locks needed)
>- Proper layering (creating your own I/O function is trivial)
>- Separate namespace
>- Non-blocking support from the get-go
>
>were taken care of. Since people are citing maintainability as a
>concern, I think you really have to wonder whether NSS is a better
>choice.
>
>
Well...IMO NSS has some things that GNU TLS does not (correct me if
wrong on this, since my knowledge of GNU TLS is not extensive):
1. Very widely deployed, hence high level of confidence in its
interoperability, higher level of trust by the crypto community.
2. Backed by several large commercial organizations, hence
has support for new-fangled ciphers (elliptic curve ciphers for example,
Suite B, etc) and also hardware crypto accelerators and hard tokens.
3. Used in a popular web browser, hence subject to a reasonably
high level of effort to find and fix security bugs.
4. FIPS-140 certified. Used widely by US gubment.
5. Much work done over the years on crypto performance.
BTW NSS is also thread-safe, has layering (perhaps not the kind
of layering that everyone needs though) and supports non-blocking
sockets. NSS and NSPR functions are sensibly prefixed so
naming collisions should not occur.
Note that I'm not pushing NSS for PG - my choice would be OpenSSL.
Just presenting some info for balance, since I happen to know something
about NSS.