[Cryptography] LibreSSL (was Re: bounded pointers in C)

Stephan Neuhaus stephan.neuhaus at tik.ee.ethz.ch
Tue Apr 22 15:42:53 EDT 2014


On 2014-04-22, 06:56, Nemo wrote:
> http://www.libressl.org/

That web page says "At the moment we are too busy deleting and rewriting
code to make a decent web page", which implies, or at least suggests to
me, that this project will be reusing OpenSSL's architecture.

I think that if you want to make something that's substantially better
than OpenSSL, it would be a good idea to stop for a moment and think of
how you want your library to be used. I doubt that if you tried to
design an SSL/TLS API from the API user's point of view, something like
OpenSSL would come out. So why not make a clean-slate design, steal
those parts of OpenSSL that you can (the basic crypto algorithms,
probably) and reinvent and rewrite the rest?

If you want to know how this can be done, may I suggest that you take a
look at Peter Gutmann's CryptLib? If you prefer dead trees over code,
you could do worse than look at
http://www.amazon.com/Cryptographic-Security-Architecture-Design-Verification/dp/0387953876/ref=sr_1_1/187-5725791-1098448

Fun,

Stephan

