From nmav at ovrimos.com Wed Aug 1 10:46:01 2001
From: nmav at ovrimos.com (Nikos Mavroyanopoulos)
Date: Wed Aug 1 10:46:01 2001
Subject: x509 certificate verify
Message-ID: <20010801115340.1feed2ee.nmav@ovrimos.com>

Hello,

While implementing the verification function for x509 certificates, I came to the following:

How should the caller verify the peer's Common Name (which in case of http servers is the dns name of the server).

One approach (and currently implemented) was to provide a function (currently gnutls_set_X509_cn()), which will set a string that will be compared against the peer's CN, within the verification function. If this does not match returns E_WRONG_CN.

The other approach is to do nothing (only verify the certificate path), and let the caller do the checks with CN etc.

I've implemented the first but in case of client authentication the server may not only need to check the peer's CN but also some fields like O, OU, or even some of the issuer's fields. Thus I'm thinking to move to the second approach, instead of providing a complex function, that will do the necessary comparisons.

What do you think?

--
Nikos Mavroyanopoulos

From nmav at ovrimos.com Thu Aug 2 14:26:02 2001
From: nmav at ovrimos.com (Nikos Mavroyanopoulos)
Date: Thu Aug 2 14:26:02 2001
Subject: Fw: Arcfour fixed
Message-ID: <20010802153223.2c1581bc.nmav@ovrimos.com>

With this fix gnutls can be used with arcfour too.

Begin forwarded message:

Date: 02 Aug 2001 11:53:13 +0200
From: Werner Koch
To: gcrypt-devel at gnupg.org
Subject: Arcfour fixed

Hi,

2 silly bugs stopped us from using Arcfour in Libgcrypt. Here is the fix against 1.1.3:

Index: arcfour.c =================================================================== RCS file: /cvs/gnupg/libgcrypt/cipher/arcfour.c,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- arcfour.c 2001/05/31 14:16:54 1.3 +++ arcfour.c 2001/08/02 09:48:40 1.4 
@@ -78,8 +78,8 @@ if( selftest_failed ) return GCRYERR_SELFTEST; - if( keylen < 40 ) - return GCRYERR_INV_KEYLEN; + if( keylen < 40/8 ) /* we want at least 40 bits */ + return GCRYERR_INV_KEYLEN; ctx->idx_i = ctx->idx_j = 0; for (i=0; i < 256; i++ ) @@ -118,6 +118,7 @@ encrypt_stream( &ctx, scratch, plaintext_1, sizeof(plaintext_1)); if (memcmp (scratch, ciphertext_1, sizeof (ciphertext_1))) return "Arcfour encryption test 1 failed."; + arcfour_setkey( &ctx, key_1, sizeof(key_1)); encrypt_stream(&ctx, scratch, scratch, sizeof(plaintext_1)); /* decrypt */ if ( memcmp (scratch, plaintext_1, sizeof (plaintext_1))) return "Arcfour decryption test 1 failed."; @@ -159,7 +160,3 @@ return "ARCFOUR"; return NULL; } - - - - -- Werner Koch Omnis enim res, quae dando non deficit, dum habetur g10 Code GmbH et non datur, nondum habetur, quomodo habenda est. Privacy Solutions -- Augustinus -- Nikos Mavroyanopoulos From softwarenieuws at teledirekt.nl Thu Aug 2 14:35:05 2001 
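
Review bot: In the first hunk (@@ -78,8 +78,8 @@), the new bound "keylen < 40/8" gives no indication that keylen is counted in bytes; only the trailing comment "we want at least 40 bits" hints at the unit, and the old "keylen < 40" shows how easily bits and bytes get mixed up here. Suggest stating the unit at the check, for example with a named minimum key length in bytes, so the confusion is not reintroduced. The floor itself stays at 40 bits, which is a very short Arcfour key; if that minimum exists only for interoperability, a comment saying so would steer callers toward longer keys.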
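
Review bot: In the second hunk (@@ -118,6 +118,7 @@), the added "arcfour_setkey( &ctx, key_1, sizeof(key_1));" ahead of the decryption check ignores any result of the call, so if re-keying can fail the only symptom would be the misleading "Arcfour decryption test 1 failed." Suggest checking the call and returning a distinct self-test message when it fails, and adding a one-line comment that the context has to be re-keyed because the preceding encrypt_stream call advanced the cipher state.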
From nmav at hellug.gr Tue Aug 7 15:51:01 2001
From: nmav at hellug.gr (Nikos Mavroyanopoulos)
Date: Tue Aug 7 15:51:01 2001
Subject: gnutls 0.2.0
Message-ID: <20010807165002.1c11294e.nmav@hellug.gr>

I've just released gnutls 0.2.0. This version supports some of the X509v3 extensions, and client authentication with x509 certificates (and has a lot of changes in the codebase). However it's not much tested and may not work in cases where the previous version was ok.

Note that this version only works with libgcrypt-1.1.4.

Have a nice summer! (I'm leaving tomorrow for vacations)

PS. I'd like to hear from anyone using gnutls into any program. (we need some real world testing)

--
Nikos Mavroyanopoulos

From wk at gnupg.org Tue Aug 7 16:27:01 2001
From: wk at gnupg.org (Werner Koch)
Date: Tue Aug 7 16:27:01 2001
Subject: gnutls 0.2.0
In-Reply-To: <20010807165002.1c11294e.nmav@hellug.gr> (Nikos Mavroyanopoulos's message of "Tue, 7 Aug 2001 16:50:02 -0700")
References: <20010807165002.1c11294e.nmav@hellug.gr>
Message-ID: <87n15cvtco.fsf@alberti.gnupg.de>

Hi!

I already talked with Nikos about using Exim as a real world program to test GNU TLS. Philip, Robert, what do you think about this? Should we give it a try?

Werner

On Tue, 7 Aug 2001 16:50:02 -0700, Nikos Mavroyanopoulos said:

> I've just released gnutls 0.2.0. This version supports some of the
> X509v3 extensions, and client authentication with x509 certificates
> (and has a lot of changes in the codebase). However it's not much
> tested and may not work in cases where the previous version was ok.
> Note that this version only works with libgcrypt-1.1.4.
> Have a nice summer! (I'm leaving tomorrow for vacations)
> PS. I'd like to hear from anyone using gnutls into any program. (we
> need some real world testing)

--
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus

From jas at extundo.com Tue Aug 7 17:12:01 2001
From: jas at extundo.com (Simon Josefsson)
Date: Tue Aug 7 17:12:01 2001
Subject: gnutls 0.2.0
In-Reply-To: <20010807165002.1c11294e.nmav@hellug.gr> (Nikos Mavroyanopoulos's message of "Tue, 7 Aug 2001 16:50:02 -0700")
References: <20010807165002.1c11294e.nmav@hellug.gr>
Message-ID:

Nikos Mavroyanopoulos writes:

> PS. I'd like to hear from anyone using gnutls into any program. (we
> need some real world testing)

I'd like to port my TLS/SSL bindings for elisp (emacs) to gnutls (it uses Mozilla's NSS now), hence using it for NNTPS, IMAP over SSL, IMAP with STARTTLS, SMTP with STARTTLS and possibly SMTP over SSL.

From nmav at hellug.gr Tue Aug 7 20:50:02 2001
From: nmav at hellug.gr (Nikos Mavroyanopoulos)
Date: Tue Aug 7 20:50:02 2001
Subject: gnutls-0.2.1
Message-ID: <20010807214900.7cb9504e.nmav@hellug.gr>

It seems we've got two releases in one day :)

This release fixes bugs in the SRP key exchange (it wasn't working at all).

--
Nikos Mavroyanopoulos

From ph10 at cus.cam.ac.uk Wed Aug 8 16:46:01 2001
From: ph10 at cus.cam.ac.uk (Philip Hazel)
Date: Wed Aug 8 16:46:01 2001
Subject: gnutls 0.2.0
In-Reply-To: <87n15cvtco.fsf@alberti.gnupg.de>
Message-ID:

On 7 Aug 2001, Werner Koch wrote:

> I already talked with Nikos about using Exim as a real world program
> to test GNU TLS. Philip, Robert, what do you think about this?
> Should we give it a try?

Fine by me. I'm afraid I know nothing about GNU TLS. Will it require source hacking in Exim? The current code is all contained in a single source module which makes OpenSSL calls. Presumably this could easily be modified if the API is different.

Regards,
Philip

--
Philip Hazel            University of Cambridge Computing Service,
ph10 at cus.cam.ac.uk   Cambridge, England. Phone: +44 1223 334714.

From rvdm at cistron.nl Wed Aug 8 16:52:01 2001
From: rvdm at cistron.nl (Robert van der Meulen)
Date: Wed Aug 8 16:52:01 2001
Subject: gnutls 0.2.0
In-Reply-To:
Message-ID: <20010808164944.A22800@wiretrip.org>

Quoting Philip Hazel (ph10 at cus.cam.ac.uk):
> On 7 Aug 2001, Werner Koch wrote:
> > I already talked with Nikos about using Exim as a real world program
> > to test GNU TLS. Philip, Robert, what do you think about this?
> > Should we give it a try?
> Fine by me. I'm afraid I know nothing about GNU TLS. Will it require
> source hacking in Exim? The current code is all contained in a single
> source module which makes OpenSSL calls. Presumably this could easily be
> modified if the API is different.

Same here :)

How hard will it be to transition ? How much stability can i expect from gnutls ?

As the freeze is coming closer, i'm a bit hesitant to adding an exim-tls to debian until it's really stable.

There is a 'gnutls' ITP for Debian, and i personally know the maintainer. I'll talk to him and see if we can get things in sync.

Greets,
Robert

--
Linux Generation
encrypted mail preferred. finger rvdm at debian.org for my GnuPG/PGP key.
Marijuana is nature's way of saying, "Hi!".

From wk at gnupg.org Wed Aug 8 19:01:01 2001
From: wk at gnupg.org (Werner Koch)
Date: Wed Aug 8 19:01:01 2001
Subject: gnutls 0.2.0, Re: gnutls 0.2.0
In-Reply-To: (Philip Hazel's message of "Wed, 8 Aug 2001 15:44:36 +0100 (BST), Wed, 8 Aug 2001 16:49:44 +0200")
References:
Message-ID: <87k80eij0i.fsf@alberti.gnupg.de>

On Wed, 8 Aug 2001 15:44:36 +0100 (BST), Philip Hazel said:

> Fine by me. I'm afraid I know nothing about GNU TLS. Will it require

Version is 0.2.1 :-)

Gnu TLS should at some time in the future replace the use of OpenSSL which has the license incompatibilities with the GPL.

> source hacking in Exim? The current code is all contained in a single
> source module which makes OpenSSL calls. Presumably this could easily be
> modified if the API is different.

That makes it easier.

On Wed, 8 Aug 2001 16:49:44 +0200, Robert van der Meulen said:

> How hard will it be to transition ? How much stability can i expect from
> gnutls ?

None. GNUTLS is really alpha. I just wanted to coordinate with you that no one else is doing such stuff.

> As the freeze is coming closer, i'm a bit hesitant to adding an exim-tls to
> debian until it's really stable.

Sure, I do not expect that it will go into Debian before it really works and we have done a security audit.

> There is a 'gnutls' ITP for Debian, and i personally know the maintainer.
> I'll talk to him and see if we can get things in sync.

Well, it should really go into experimental.

Ciao,
Werner

--
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus

From ph10 at cus.cam.ac.uk Thu Aug 9 09:25:01 2001
From: ph10 at cus.cam.ac.uk (Philip Hazel)
Date: Thu Aug 9 09:25:01 2001
Subject: gnutls 0.2.0, Re: gnutls 0.2.0
In-Reply-To: <87k80eij0i.fsf@alberti.gnupg.de>
Message-ID:

On 8 Aug 2001, Werner Koch wrote:

> None. GNUTLS is really alpha. I just wanted to coordinate with you
> that no one else is doing such stuff.

Well, I don't know of anybody, so I think you have it to yourself.

Philip

--
Philip Hazel            University of Cambridge Computing Service,
ph10 at cus.cam.ac.uk   Cambridge, England. Phone: +44 1223 334714.

From wk at gnupg.org Thu Aug 9 09:39:01 2001
From: wk at gnupg.org (Werner Koch)
Date: Thu Aug 9 09:39:01 2001
Subject: gnutls 0.2.0, Re: gnutls 0.2.0
In-Reply-To: (Philip Hazel's message of "Thu, 9 Aug 2001 08:23:06 +0100 (BST)")
References:
Message-ID: <87u1zhk7fz.fsf@alberti.gnupg.de>

On Thu, 9 Aug 2001 08:23:06 +0100 (BST), Philip Hazel said:

> Well, I don't know of anybody, so I think you have it to yourself.

Why did I only ask :-)

Okay, I give it a shot.

Werner

--
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus

From nmav at hellug.gr Mon Aug 20 23:51:01 2001
From: nmav at hellug.gr (Nikos Mavroyanopoulos)
Date: Mon Aug 20 23:51:01 2001
Subject: gnutls-0.2.2
Message-ID: <20010821005009.191a62f2.nmav@hellug.gr>

I've released gnutls-0.2.2. It is mostly a bugfix release (both into the library and into the documented examples).

--
Nikos Mavroyanopoulos

From return at trafficmagnet.net Thu Aug 23 00:16:01 2001
From: return at trafficmagnet.net (Christine Hall)
Date: Thu Aug 23 00:16:01 2001
Subject: GNUTLS.HELLUG.GR
Message-ID: <200108222208.f7MM8Nr19663@trafficmagnet.net>

An HTML attachment was scrubbed...
URL:

From lfarkas at mindmaker.hu Thu Aug 23 12:02:01 2001
From: lfarkas at mindmaker.hu (Levente Farkas)
Date: Thu Aug 23 12:02:01 2001
Subject: why gnutls when we have openssl?
Message-ID: <3B84D41E.1A01DDD2@mindmaker.hu>

hi,
can someone explain me why do you guys write gnutls when we have openssl?
I think it'd be useful to explain on your homepage too since it's the first question when someone heard about gnutls.
thanks.

--
Levente
"Si vis pacem para bellum!"

From wk at gnupg.org Thu Aug 23 12:22:02 2001
From: wk at gnupg.org (Werner Koch)
Date: Thu Aug 23 12:22:02 2001
Subject: why gnutls when we have openssl?
In-Reply-To: <3B84D41E.1A01DDD2@mindmaker.hu> (Levente Farkas's message of "Thu, 23 Aug 2001 11:59:58 +0200")
References: <3B84D41E.1A01DDD2@mindmaker.hu>
Message-ID: <87lmkbdqin.fsf@alberti.gnupg.de>

On Thu, 23 Aug 2001 11:59:58 +0200, Levente Farkas said:

> can someone explain me why do you guys write gnutls when we have openssl?

One reason is that the OpenSSL license is not compatible to the GPL; this forbids us to use code from OpenSSL or distribute GPLed software together with OpenSSL. Even if the OpenSSL folks would like to remove the problematic parts out of their license and use a license like the revised BSD one, they can't do that because most code is copyrighted by Eric Young et al. and given the statements in their SSLeay license it is unlikely that they will work on making it compatible to the GPL. Having a GPLed implementation has also the advantage that other companies can't use this without releasing their changes - this can help to avoid proprietary extensions like what we have seen Microsoft did to Kerberos.

Another reason is that it is always good to have more than one implementation of a protocol - 2 free ones are really good.

Then there is of course the challenge to implement such an over-complicated protocol correctly - hackers do like such challenges. Some folks even have concerns about the design of SSLeay and the fact that it is not very well documented.

Nikos might have other reasons as well ...

Werner

--
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus

From danw at ximian.com Thu Aug 23 15:32:02 2001
From: danw at ximian.com (Dan Winship)
Date: Thu Aug 23 15:32:02 2001
Subject: why gnutls when we have openssl?
In-Reply-To: <87lmkbdqin.fsf@alberti.gnupg.de>
References: <3B84D41E.1A01DDD2@mindmaker.hu> <87lmkbdqin.fsf@alberti.gnupg.de>
Message-ID: <998573411.28074.9.camel@twelve-monkeys.ximian.com>

> changes - this can help to avoid proprietary extensions like what we
> have seen Microsoft did to Kerberos.

People use this example a lot, but it's not true. Microsoft made proprietary extensions to the Kerberos *specification* (RFC 1510), not to any existing Kerberos implementation. When the first interoperability testing between MIT and Microsoft kerberos was done, the two implementations had different bugs, so it's unlikely they used any significant amount of the MIT code at all.

-- Dan

From wk at gnupg.org Thu Aug 23 16:08:01 2001
From: wk at gnupg.org (Werner Koch)
Date: Thu Aug 23 16:08:01 2001
Subject: why gnutls when we have openssl?
In-Reply-To: <998573411.28074.9.camel@twelve-monkeys.ximian.com> (Dan Winship's message of "23 Aug 2001 09:30:11 -0400")
References: <3B84D41E.1A01DDD2@mindmaker.hu> <87lmkbdqin.fsf@alberti.gnupg.de> <998573411.28074.9.camel@twelve-monkeys.ximian.com>
Message-ID: <87ofp6c1gg.fsf@alberti.gnupg.de>

On 23 Aug 2001 09:30:11 -0400, Dan Winship said:

> People use this example a lot, but it's not true. Microsoft made
> proprietary extensions to the Kerberos *specification* (RFC 1510), not
> to any existing Kerberos implementation. When the first interoperability

[You have seen the source?]

> testing between MIT and Microsoft kerberos was done, the two
> implementations had different bugs, so it's unlikely they used any
> significant amount of the MIT code at all.

They could have done this and in fact the first TCP/IP implementations were heavily based on BSD code.

--
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus

From jas at extundo.com Thu Aug 23 19:14:02 2001
From: jas at extundo.com (Simon Josefsson)
Date: Thu Aug 23 19:14:02 2001
Subject: why gnutls when we have openssl?
In-Reply-To: <87lmkbdqin.fsf@alberti.gnupg.de> (Werner Koch's message of "23 Aug 2001 12:22:56 +0200")
References: <3B84D41E.1A01DDD2@mindmaker.hu> <87lmkbdqin.fsf@alberti.gnupg.de>
Message-ID:

Werner Koch writes:

>> can someone explain me why do you guys write gnutls when we have openssl?
>
> One reason is that the OpenSSL license is not compatible to the GPL;
> this forbids us to use code from OpenSSL or distribute GPLed software
> together with OpenSSL.

There is also Mozilla's NSS which is a GPLd TLS implementation. Like OpenSSL it also has S/MIME and other stuff, and it's quite mature and bug free from what I've seen.

I fear an incompatibility mess for TLS libraries in free software soon, we'll all be required to have three TLS libraries installed and each have their own method of storing and handling CA's, private keys etc. Right now, most free programs out there seem to mostly deal with server-side HTTPS and little else, Netscape/Mozilla S/MIME being about the only major exception I can think of. Client-side authenticated SMTP, IMAP is about to happen, but I think it will not work smoothly for Unix users until you can manage your CA's, private keys etc across applications. It's blasphemy here, but the integration of CAPI/CSP in Windows is just so nice, I wished we had something like that on Unix.

Err, end of rant, just my $.2.

From wk at gnupg.org Thu Aug 23 20:38:01 2001
From: wk at gnupg.org (Werner Koch)
Date: Thu Aug 23 20:38:01 2001
Subject: why gnutls when we have openssl?
In-Reply-To: (Simon Josefsson's message of "Thu, 23 Aug 2001 19:12:21 +0200")
References: <3B84D41E.1A01DDD2@mindmaker.hu> <87lmkbdqin.fsf@alberti.gnupg.de>
Message-ID: <874rqyaaes.fsf@alberti.gnupg.de>

On Thu, 23 Aug 2001 19:12:21 +0200, Simon Josefsson said:

> There is also Mozilla's NSS which is a GPLd TLS implementation. Like

At the time Nikos started with GNUTLS NSS was not available and I have to confess that I have not yet browsed the NSS code. Netscape is known for its good compatibility which they obviously reach by a relatively simple implementation - well, that's from hearsay.

> OpenSSL it also has S/MIME and other stuff, and it's quite mature and
> bug free from what I've seen.

Have you ever tried to hack on this ;-)

> I fear an incompatibility mess for TLS libraries in free software soon,
> we'll all be required to have three TLS libraries installed and each

TLS is well defined by an RFC and (used) Internet protocols are known for good interoperability. The problematic part is X.509 and all the different profiles - we can't do much about it except by supporting the most promising profiles.

> for Unix users until you can manage your CA's, private keys etc across
> applications. It's blasphemy here, but the integration of CAPI/CSP in
> Windows is just so nice, I wished we had something like that on Unix.

I won't promise anything, but eventually the GNU project will have something like this. GNUTLS is just a first step, other stuff will come for sure. Actually I am preparing for a project which can be the base for it.

Ciao,
Werner

--
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus

From abrar_bin_yousuf at yahoo.com Sat Aug 25 12:26:01 2001
From: abrar_bin_yousuf at yahoo.com (Abrar Bin Yousuf) Date: Sat Aug 25 12:26:01 2001 Subject: Gnutls-dev digest, Vol 1 #24 - 5 msgs In-Reply-To: Message-ID: <20010825102437.11401.qmail@web10002.mail.yahoo.com> Pretty true. I really had a hard time to add some extensions to the OpenSSL package as you can hardly find any kind of documentation. The thing about two free things is true also. However, it is going to be tough to fight or compete with OpenSSL as it is very widely used and enjoys huge support -- particularly due its integration with Apache. We have to come up with something simmilar which must at least have some basic benefit to make the users interested. Regards, Abrar --- gnutls-dev-request at gnupg.org wrote: > Send Gnutls-dev mailing list submissions to > gnutls-dev at gnupg.org > > To subscribe or unsubscribe via the World Wide Web, > visit > http://lists.gnupg.org/mailman/listinfo/gnutls-dev > or, via email, send a message with subject or body > 'help' to > gnutls-dev-request at gnupg.org > > You can reach the person managing the list at > gnutls-dev-admin at gnupg.org > > When replying, please edit your Subject line so it > is more specific > than "Re: Contents of Gnutls-dev digest..." > > > Today's Topics: > > 1. Re: why gnutls when we have openssl? (Werner > Koch) > 2. Re: why gnutls when we have openssl? (Dan > Winship) > 3. Re: why gnutls when we have openssl? (Werner > Koch) > 4. Re: why gnutls when we have openssl? (Simon > Josefsson) > 5. Re: why gnutls when we have openssl? (Werner > Koch) > > --__--__-- > > Message: 1 > To: lfarkas at mindmaker.hu > Cc: gnutls-dev at gnupg.org > Subject: Re: why gnutls when we have openssl? 
> From: Werner Koch > Date: 23 Aug 2001 12:22:56 +0200 > > On Thu, 23 Aug 2001 11:59:58 +0200, Levente Farkas > said: > > > can someone explain me why do you guys write > gnutls when we have openssl? > > One reason is that the OpenSSL license is not > compatible to the GPL; > this forbids us to use code from OpenSSL or > distribute GPLed software > together with OpenSSL. Even if the OpenSSL folks > would like to remove > the proplematic parts out of their licese and use > license like the > revised BSD one, they can't do that because most > code is > copyrighted by Eric Young et al. and given the > statements in their > SSLeay license it is unlikely that they will work on > making it > compatible to the GPL. Having a GPLed > implementation has also the > advantage that other companies can't use this > without releasing there > changes - this can help to avoid proprietary > extensions like what we > have seen Microsoft did to Kerberos. > > Another reason is that it is always good to have > more than one > implementation of a protocol - 2 free ones are > really good. > > Then there is of course the challenge to implement > such a > over-complicated protocol coorectly - hackers do > like such challenges. > Some folks even have concerns about the design of > SSLeay and the fact > that it is not very good documented. > > Nikos might have other reasons as well ... > > Werner > > -- > Werner Koch Omnis enim res, quae dando non > deficit, dum habetur > g10 Code GmbH et non datur, nondum habetur, > quomodo habenda est. > Privacy Solutions > -- Augustinus > > > > --__--__-- > > Message: 2 > Subject: Re: why gnutls when we have openssl? 
> From: Dan Winship > To: Werner Koch > Cc: lfarkas at mindmaker.hu, gnutls-dev at gnupg.org > Date: 23 Aug 2001 09:30:11 -0400 > > > changes - this can help to avoid proprietary > extensions like what we > > have seen Microsoft did to Kerberos. > > People use this example a lot, but it's not true. > Microsoft made > proprietary extensions to the Kerberos > *specification* (RFC 1510), not > to any existing Kerberos implementation. When the > first interoperability > testing between MIT and Microsoft kerberos was done, > the two > implementations had different bugs, so it's unlikely > they used any > significant amount of the MIT code at all. > > -- Dan > > > --__--__-- > > Message: 3 > To: Dan Winship > Cc: lfarkas at mindmaker.hu, gnutls-dev at gnupg.org > Subject: Re: why gnutls when we have openssl? > From: Werner Koch > Date: 23 Aug 2001 16:09:35 +0200 > > On 23 Aug 2001 09:30:11 -0400, Dan Winship said: > > > People use this example a lot, but it's not true. > Microsoft made > > proprietary extensions to the Kerberos > *specification* (RFC 1510), not > > to any existing Kerberos implementation. When the > first interoperability > > [You have seen the source?] > > > testing between MIT and Microsoft kerberos was > done, the two > > implementations had different bugs, so it's > unlikely they used any > > significant amount of the MIT code at all. > > They could have done this and in fact the first > TCP/IP implementions > where heavily based on BSD code. > > > -- > Werner Koch Omnis enim res, quae dando non > deficit, dum habetur > g10 Code GmbH et non datur, nondum habetur, > quomodo habenda est. > Privacy Solutions > -- Augustinus > > > > --__--__-- > > Message: 4 > To: Werner Koch > Cc: lfarkas at mindmaker.hu, gnutls-dev at gnupg.org > Subject: Re: why gnutls when we have openssl? 
> From: Simon Josefsson
> Date: Thu, 23 Aug 2001 19:12:21 +0200
>
> Werner Koch writes:
>
> >> can someone explain me why do you guys write gnutls when we have openssl?
> >
> > One reason is that the OpenSSL license is not compatible to the GPL;
> > this forbids us to use code from OpenSSL or distribute GPLed software
> > together with OpenSSL.
>
> There is also Mozilla's NSS which is a GPLd TLS implementation. Like
> OpenSSL it also has S/MIME and other stuff, and it's quite mature and
> bug free from what I've seen.
>
> I fear an incompatibility mess for TLS libraries in free software soon,
> we'll all be required to have three TLS libraries installed and each
> have their own method of storing and handling CA's, private keys etc.
> Right now, most free programs out there seem to mostly deal with
> server-side HTTPS and little else, Netscape/Mozilla S/MIME being about
> the only major exception I can think of.
> Client-side

=== message truncated ===

From wk at gnupg.org Sat Aug 25 13:23:02 2001
From: wk at gnupg.org (Werner Koch)
Date: Sat Aug 25 13:23:02 2001
Subject: Gnutls-dev digest, Vol 1 #24 - 5 msgs
In-Reply-To: <20010825102437.11401.qmail@web10002.mail.yahoo.com> (Abrar Bin Yousuf's message of "Sat, 25 Aug 2001 03:24:37 -0700 (PDT)")
References: <20010825102437.11401.qmail@web10002.mail.yahoo.com>
Message-ID: <87y9o8jsbo.fsf@alberti.gnupg.de>

On Sat, 25 Aug 2001 03:24:37 -0700 (PDT), Abrar Bin Yousuf said:

> We have to come up with something similar which must
> at least have some basic benefit to make the users

The main benefit is that you can legally link to GPL software.

--
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus

From nmav at hellug.gr Sun Aug 26 11:50:01 2001
From: nmav at hellug.gr (Nikos Mavroyanopoulos)
Date: Sun Aug 26 11:50:01 2001
Subject: why gnutls when we have openssl?
In-Reply-To: <20010825102437.11401.qmail@web10002.mail.yahoo.com>
References: <20010825102437.11401.qmail@web10002.mail.yahoo.com>
Message-ID: <20010826054621.577d2c5a.nmav@hellug.gr>

On Sat, 25 Aug 2001 03:24:37 -0700 (PDT) Abrar Bin Yousuf wrote:

> Pretty true.
> I really had a hard time to add some extensions to the
> OpenSSL package as you can hardly find any kind of
> documentation. The thing about two free things is true
> also.
> However, it is going to be tough to fight or compete
> with OpenSSL as it is very widely used and enjoys huge
> support -- particularly due to its integration with
> Apache.
> We have to come up with something similar which must
> at least have some basic benefit to make the users
> interested.

Well, we are currently working on that. If you have any benefits in mind, and you would like to help, you're welcome to contribute.

> Regards,
> Abrar

--
Nikos Mavroyanopoulos

From tomh at po.crl.go.jp Mon Aug 27 09:54:01 2001
From: tomh at po.crl.go.jp (Tom Holroyd) Date: Mon Aug 27 09:54:01 2001 Subject: Alpha GCC 3.0 Message-ID: Just trying to get this working on Alpha -- there are several syntax errors; the first two are easy: --- #gnutls_num.h Fri Jul 20 16:21:52 2001 +++ gnutls_num.h Mon Aug 27 16:22:15 2001 @@ -47,7 +47,7 @@ # define rotr64(x,n) (((x) >> ((uint16)(n))) | ((x) << (64 - (uint16)(n)))) # define byteswap64(x) ((rotl64(x, 8) & 0x00ff00ff00ff00ffUL) | (rotr64(x, 8) & 0xff00ff00ff00ff00UL)) -# define uint64pp(x) ((++(*x)==0) ? -1 : 0); +# define uint64pp(x) ((++(*x)==0) ? -1 : 0) # define uint64zero(x) (*x) = 0 #endif --- #gnutls_int.h Tue Aug 21 16:30:05 2001 +++ gnutls_int.h Mon Aug 27 16:23:41 2001 @@ -397,7 +397,7 @@ GNUTLS_Version gnutls_get_current_version(GNUTLS_STATE state); ssize_t gnutls_send_int(SOCKET cd, GNUTLS_STATE state, ContentType type, HandshakeType htype, const void* data, size_t sizeofdata, int flags); ssize_t gnutls_recv_int(SOCKET cd, GNUTLS_STATE state, ContentType type, HandshakeType, char* data, size_t sizeofdata, int flags); -int _gnutls_send_change_cipher_spec(SOCKET cd, GNUTLS_STATE state); +ssize_t _gnutls_send_change_cipher_spec(SOCKET cd, GNUTLS_STATE state); /* These macros return the advertized TLS version of * the peer. But the last one I haven't had time to look at so I'll just dump it here: gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../lib -O2 -c cli.c cli.c: In function `main': cli.c:215: `SHUT_WR' undeclared (first use in this function) cli.c:215: (Each undeclared identifier is reported only once cli.c:215: for each function it appears in.) cli.c:334: `SHUT_RDWR' undeclared (first use in this function) Dr. Tom Holroyd "I am, as I said, inspired by the biological phenomena in which chemical forces are used in repetitious fashion to produce all kinds of weird effects (one of which is the author)." -- Richard Feynman, _There's Plenty of Room at the Bottom_ From nmav at ovrimos.com Mon Aug 27 11:00:01 2001 
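Review bot: In the gnutls_num.h hunk, the new `uint64pp(x)` still dereferences its argument as `*x` without parentheses, so an argument such as `p + 1` expands to `++(*p + 1)`, which is not an lvalue; write `(++(*(x)) == 0)` instead. The unchanged context line `# define uint64zero(x) (*x) = 0` has the same unparenthesized argument, and its expansion is not wrapped in parentheses as a whole, so it is worth fixing in the same change. Removing the trailing semicolon is the right direction, because an expression macro that ends in `;` cannot be used inside a larger expression.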
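Review bot: In the gnutls_int.h hunk, only the prototype of `_gnutls_send_change_cipher_spec` moves from `int` to `ssize_t`; the definition and the callers are not part of the patch, and any caller that stores the result in an `int` will narrow it on a platform where `ssize_t` is wider than `int`, as on Alpha. Please confirm the definition already returns `ssize_t` and check the call sites, and consider a one-line comment above the prototype saying what the return value means, since the neighbouring `gnutls_send_int` and `gnutls_recv_int` prototypes do not document it either.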
From: nmav at ovrimos.com (Nikos Mavroyanopoulos) Date: Mon Aug 27 11:00:01 2001 Subject: Alpha GCC 3.0 In-Reply-To: References: Message-ID: <20010827120715.42f01a5b.nmav@ovrimos.com> On Mon, 27 Aug 2001 16:51:33 +0900 (JST) Tom Holroyd wrote: > Just trying to get this working on Alpha -- there are several syntax > errors; the first two are easy: > --- #gnutls_num.h Fri Jul 20 16:21:52 2001 > +++ gnutls_num.h Mon Aug 27 16:22:15 2001 > @@ -47,7 +47,7 @@ > # define rotr64(x,n) (((x) >> ((uint16)(n))) | ((x) << (64 - (uint16)(n)))) > # define byteswap64(x) ((rotl64(x, 8) & 0x00ff00ff00ff00ffUL) | (rotr64(x, 8) & 0xff00ff00ff00ff00UL)) [...] Thanks, they should be fixed in the cvs. > But the last one I haven't had time to look at so I'll just dump it here: > > gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../lib -O2 -c cli.c > cli.c: In function `main': > cli.c:215: `SHUT_WR' undeclared (first use in this function) > cli.c:215: (Each undeclared identifier is reported only once > cli.c:215: for each function it appears in.) > cli.c:334: `SHUT_RDWR' undeclared (first use in this function) These should have been defined in sys/socket.h, however I added an #ifdef for them... > Dr. Tom Holroyd > "I am, as I said, inspired by the biological phenomena in which > chemical forces are used in repetitious fashion to produce all > kinds of weird effects (one of which is the author)." > -- Richard Feynman, _There's Plenty of Room at the Bottom_ > > > _______________________________________________ > Gnutls-dev mailing list > Gnutls-dev at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnutls-dev -- Nikos Mavroyanopoulos From josh.winters at webstream.net Mon Aug 27 17:47:01 2001 
From: josh.winters at webstream.net (josh.winters at webstream.net) Date: Mon Aug 27 17:47:01 2001 Subject: Request For Information Message-ID: Hello, Could you please direct this request to the proper party or department? We would like to get some additional information about your business in an effort to explore the ways that we might be able to work together. If possible, we would like to receive your media package. If you have an interest, please respond to the address below, or visit our web site. Please send to: If by e-mail: josh.winters at webstream.net If by mail: WebStream Internet Solutions Outsourcing Department 2200 W.Commercial Blvd. Suite 204 Ft. Lauderdale, FL 33309 USA Thank you very much. Josh Winters josh.winters at webstream.net http://webstream.net Design * Programming * Virtual and Dedicated Server Hosts Since 1997