Gnutls-dev digest, Vol 1 #24 - 5 msgs

Abrar Bin Yousuf abrar_bin_yousuf at yahoo.com
Sat Aug 25 12:26:01 CEST 2001 

Pretty true. 
I really had a hard time to add some extensions to the
OpenSSL package as you can hardly find any kind of
documentation. The thing about two free things is true
also.

However, it is going to be tough to fight or compete
with OpenSSL as it is very widely used and enjoys huge
support -- particularly due its integration with
Apache.

We have to come up with something simmilar which must
at least have some basic benefit to make the users
interested.

Regards,
Abrar
--- gnutls-dev-request at gnupg.org wrote:
> Send Gnutls-dev mailing list submissions to
> 	gnutls-dev at gnupg.org
> 
> To subscribe or unsubscribe via the World Wide Web,
> visit
> 	http://lists.gnupg.org/mailman/listinfo/gnutls-dev
> or, via email, send a message with subject or body
> 'help' to
> 	gnutls-dev-request at gnupg.org
> 
> You can reach the person managing the list at
> 	gnutls-dev-admin at gnupg.org
> 
> When replying, please edit your Subject line so it
> is more specific
> than "Re: Contents of Gnutls-dev digest..."
> 
> 
> Today's Topics:
> 
>    1. Re: why gnutls when we have openssl? (Werner
> Koch)
>    2. Re: why gnutls when we have openssl? (Dan
> Winship)
>    3. Re: why gnutls when we have openssl? (Werner
> Koch)
>    4. Re: why gnutls when we have openssl? (Simon
> Josefsson)
>    5. Re: why gnutls when we have openssl? (Werner
> Koch)
> 
> --__--__--
> 
> Message: 1
> To: lfarkas at mindmaker.hu
> Cc: gnutls-dev at gnupg.org
> Subject: Re: why gnutls when we have openssl?
> From: Werner Koch <wk at gnupg.org>
> Date: 23 Aug 2001 12:22:56 +0200
> 
> On Thu, 23 Aug 2001 11:59:58 +0200, Levente Farkas
> said:
> 
> > can someone explain me why do you guys write
> gnutls when we have openssl?
> 
> One reason is that the OpenSSL license is not
> compatible to the GPL;
> this forbids us to use code from OpenSSL or
> distribute GPLed software
> together with OpenSSL.  Even if the OpenSSL folks
> would like to remove
> the proplematic parts out of their licese and use
> license like the
> revised BSD one, they can't do that because most
> code is 
> copyrighted by Eric Young et al. and given the
> statements in their
> SSLeay license it is unlikely that they will work on
> making it
> compatible to the GPL.  Having a GPLed
> implementation has also the
> advantage that other companies can't use this
> without releasing there
> changes - this can help to avoid proprietary
> extensions like what we
> have seen Microsoft did to Kerberos.
> 
> Another reason is that it is always good to have
> more than one
> implementation of a protocol - 2 free ones are
> really good.
> 
> Then there is of course the challenge to implement
> such a
> over-complicated protocol coorectly - hackers do
> like such challenges.
> Some folks even have concerns about the design of
> SSLeay and the fact
> that it is not very good documented.
> 
> Nikos might have other reasons as well ...
> 
>   Werner
> 
> -- 
> Werner Koch        Omnis enim res, quae dando non
> deficit, dum habetur
> g10 Code GmbH      et non datur, nondum habetur,
> quomodo habenda est.
> Privacy Solutions                                   
>     -- Augustinus
> 
> 
> 
> --__--__--
> 
> Message: 2
> Subject: Re: why gnutls when we have openssl?
> From: Dan Winship <danw at ximian.com>
> To: Werner Koch <wk at gnupg.org>
> Cc: lfarkas at mindmaker.hu, gnutls-dev at gnupg.org
> Date: 23 Aug 2001 09:30:11 -0400
> 
> > changes - this can help to avoid proprietary
> extensions like what we
> > have seen Microsoft did to Kerberos.
> 
> People use this example a lot, but it's not true.
> Microsoft made
> proprietary extensions to the Kerberos
> *specification* (RFC 1510), not
> to any existing Kerberos implementation. When the
> first interoperability
> testing between MIT and Microsoft kerberos was done,
> the two
> implementations had different bugs, so it's unlikely
> they used any
> significant amount of the MIT code at all.
> 
> -- Dan
> 
> 
> --__--__--
> 
> Message: 3
> To: Dan Winship <danw at ximian.com>
> Cc: lfarkas at mindmaker.hu,  gnutls-dev at gnupg.org
> Subject: Re: why gnutls when we have openssl?
> From: Werner Koch <wk at gnupg.org>
> Date: 23 Aug 2001 16:09:35 +0200
> 
> On 23 Aug 2001 09:30:11 -0400, Dan Winship said:
> 
> > People use this example a lot, but it's not true.
> Microsoft made
> > proprietary extensions to the Kerberos
> *specification* (RFC 1510), not
> > to any existing Kerberos implementation. When the
> first interoperability
> 
> [You have seen the source?]
> 
> > testing between MIT and Microsoft kerberos was
> done, the two
> > implementations had different bugs, so it's
> unlikely they used any
> > significant amount of the MIT code at all.
> 
> They could have done this and in fact the first
> TCP/IP implementions
> where heavily based on BSD code.
> 
> 
> -- 
> Werner Koch        Omnis enim res, quae dando non
> deficit, dum habetur
> g10 Code GmbH      et non datur, nondum habetur,
> quomodo habenda est.
> Privacy Solutions                                   
>     -- Augustinus
> 
> 
> 
> --__--__--
> 
> Message: 4
> To: Werner Koch <wk at gnupg.org>
> Cc: lfarkas at mindmaker.hu, gnutls-dev at gnupg.org
> Subject: Re: why gnutls when we have openssl?
> From: Simon Josefsson <jas at extundo.com>
> Date: Thu, 23 Aug 2001 19:12:21 +0200
> 
> Werner Koch <wk at gnupg.org> writes:
> 
> >> can someone explain me why do you guys write
> gnutls when we have openssl?
> >
> > One reason is that the OpenSSL license is not
> compatible to the GPL;
> > this forbids us to use code from OpenSSL or
> distribute GPLed software
> > together with OpenSSL.
> 
> There is also Mozilla's NSS which is a GPLd TLS
> implementation.  Like
> OpenSSL it also has S/MIME and other stuff, and it's
> quite mature and
> bug free from what I've seen.
> 
> I fear a incompatibility mess for TLS libraries in
> free software soon,
> we'll all be required to have three TLS libraries
> installed and each
> have their own method of storing and handling CA's,
> private keys etc.
> Right now, most free programs out there seem to
> mostly deal with
> server-side HTTPS and little else, Netscape/Mozilla
> S/MIME being about
> the only major exception I can think of. 
> Client-side 
=== message truncated ===


__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/

More information about the Gnutls-devel mailing list