Re: crypto consolidation status?

On 09/26/2009 10:44 PM, Ken Dreyer wrote:
> I read the wiki page[1] on Fedora's effort to consolidate all the
> crypto libraries. Quite an ambitious task! FWN [2] reported on the
> rather large discussion back in '07, but I didn't see any resolution.
> Is this still a goal for Fedora? The main wiki page hasn't been edited
> in almost a year (although the scorecard is still being maintained).

It's on-going. Right now we are focused on 2 things:

1) Trying to remove the impediments for applications to go to NSS (as
much as is practical).
2) Moving most of the core applications we need to NSS.

Dictating moves of upstream projects is not helpful. Finding those
things that prevent upstreams from at least using NSS as an option is.
We've been most successful when we provide upstream patches which allow
them to build for their choice of crypto toolkits.

> The reason I bring all of this up is that Server Name Indication has
> recently been implemented into httpd's mod_ssl, but SNI is not present
> in mod_nss[3]. If we abandon mod_ssl for mod_nss, we would lose this
> functionality.

Currently there are also a half dozen features in mod_nss that aren't in
mod_ssl. SNI is definitely something that would be welcomed in NSS, and
would probably be implemented by the NSS team itself if it's not
contributed first ;), particularly if it got added to the list of

> - Ken
> [1] https://fedoraproject.org/wiki/FedoraCryptoConsolidation
> [2] https://fedoraproject.org/wiki/FWN/Issue107#Crypto_Consolidation
> [3] https://bugzilla.mozilla.org/show_bug.cgi?id=360421

