[gnutls-dev] OpenCDK comments

Timo Schulz twoaday at gmx.net
Fri Apr 20 15:00:37 CEST 2007


Simon Josefsson wrote:

> * Can't we officially deprecate keygen.c and its interfaces, in the
>   same way that the trustdb.c interfaces have been deprecated?  I'd

I'm not sure if we share the same opinion or if we even talk about
the same thing. OpenCDK is a general library and not only for the use
in GnuTLS. At least that's what I planned. I'm not sure if it is used
in the real world, but I plan to make a public release soon.

The keygen API is not used in GnuTLS and it never was.


> * Is the keyserver stuff needed?  It seems limited compared to the new
>   GnuPG keyserver stuff.  I'm not sure GnuTLS ever needs this
>   functionality.  I think the best solution is to use GnuPG's

There is a callback for key receiving and it is used right now. At
least when some flags are enabled. And yes, it is very limited but
it might be useful for people who just want to download a key via
HKP.


> * I'd recommend that we use gnulib for CRC, Base64, several misc.c
>   functions, etc.

For the mingw32 build the gnulib would be linked statically? Right now
opencdk depends on gcrypt, gpg-error and 'z' and to increase the
amount of libs can be burdensome for the w32 port. My idea was to
keep the library tight and small to avoid too many dependencies.

We could use libgcrypt for the CRC stuff. The base64 code is IMHO
not that much and there are also very limited misc functions.
You might have seen I removed the vasprintf code. Now it's only
a case-insensitive version of strstr.


> * Does keydb.c implement some disk-format for key databases?  Is it
>   the GnuPG format?

It just stores the openpgp packet in a sequence. Basically this is
what GPG also does.


> * We probably should review the libgcrypt init code to make sure it
>   doesn't conflict with how GnuTLS initializes libgcrypt.

That's true. The only code I currently use is the secure memory allocation.


> * Where is stream-socket.c used?  keyservers?  Maybe it could be
>   removed too, if keyserver stuff is removed.

I might have the impression that you think of opencdk as a library
which is *only* used for GnuTLS. Is it a problem that OpenCDK is a
general library and also provides interfaces which are not used by GnuTLS?


	Timo
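
The keydb.c answer above describes a key database as OpenPGP packets stored one after another. As an added example (not OpenCDK's code and not from the author of this mail), here is a bounds-checked walk over such a sequence using the RFC 4880 packet header layout; the name `walk_packets` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
/* Constructed sample: old-format tag 6 (public key) with a 3-byte body,
 * then new-format tag 13 (user ID) with a 2-byte body. Bodies are dummies. */
static const uint8_t sample[] = { 0x98, 0x03, 0x04, 0x00, 0x00, 0xCD, 0x02, 'a', 'b' };

/* Walk concatenated OpenPGP packets (RFC 4880, section 4.2). Returns the
 * packet count, or -1 if a header is malformed or a length runs past the
 * buffer. Hypothetical helper, not an OpenCDK interface. */
int walk_packets(const uint8_t *buf, size_t len, int *tags, int max)
{
    size_t pos = 0, body, need;
    int n = 0, tag;
    while (pos < len) {
        uint8_t c = buf[pos++];
        if (!(c & 0x80)) return -1;         /* bit 7 is always set */
        if (c & 0x40) {                     /* new-format header */
            tag = c & 0x3f;
            if (pos >= len) return -1;
            body = buf[pos++];
            if (body >= 224 && body != 255)
                return -1;                  /* partial lengths: not handled */
            need = body == 255 ? 4 : (body >= 192 ? 1 : 0);
            if (len - pos < need) return -1;
            if (need == 1)
                body = ((body - 192) << 8) + buf[pos++] + 192;
            else if (need == 4)
                for (body = 0; need > 0; need--)
                    body = (body << 8) | buf[pos++];
        } else {                            /* old-format header */
            tag = (c >> 2) & 0x0f;
            if ((c & 3) == 3)
                return -1;                  /* indeterminate length */
            need = (size_t)1 << (c & 3);    /* 1, 2 or 4 length octets */
            if (len - pos < need) return -1;
            for (body = 0; need > 0; need--)
                body = (body << 8) | buf[pos++];
        }
        if (body > len - pos)
            return -1;                      /* body would overrun buffer */
        if (n < max) tags[n] = tag;
        n++;
        pos += body;
    }
    return n;
}
```

Every length field is compared against the bytes remaining before it is used, so a truncated or corrupted keyring file is rejected instead of read past its end.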