On Tue, Feb 14, 2006 at 12:44:39PM +1000, James A. Donald wrote:

> Absent exception handling, mission critical tasks should have no
> exceptions, which is best accomplished by the die-on-error standard.

Absent good library design, the developer's goals are best accomplished with the roll-your-own standard.

If the authors of libgcrypt, instead of saying "sorry, we know, it is a difficult problem, we are working on it", become defensive and erect false dichotomies to defend the developer from his own folly, I can add libgcrypt to my list of tools to avoid when building large systems.

As I said before, Postfix does not use GnuTLS directly; rather it is sometimes a victim of libgcrypt design via GnuTLS embedded in the system LDAP library. The current libgcrypt is IMHO not suitable for linking into LDAP libraries, database client-server communication libraries, SMTP servers...

As for Postfix, it does entropy gathering out-of-process (in the tlsmgr(8) daemon). The SMTP server and client daemons get entropy indirectly from tlsmgr(8) to seed their internal PRNG. Postfix uses OpenSSL, and error conditions in OpenSSL are recoverable (Postfix can and will return 454 in response to STARTTLS; fatal errors are not appropriate in this context).

Postfix makes use of error reporting hooks in MySQL, PgSQL, SASL, OpenSSL, (non-GnuTLS) OpenLDAP... none of these have been reported to abruptly terminate the calling process instead of reporting errors to the caller.

-- 
    /"\ ASCII RIBBON                    NOTICE: If received in error,
    \ / CAMPAIGN      Victor Duchovni   please destroy and notify
     X  AGAINST       IT Security,      sender. Sender does not waive
    / \ HTML MAIL     Morgan Stanley    confidentiality or privilege,
                                        and use is prohibited.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
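To illustrate the design contrast the post above argues about, here is an added example (not Postfix, libgcrypt or OpenSSL code): a constructed entropy source that can fail, a die-on-error seeding routine that takes the whole daemon down, and a recoverable one whose caller maps the failure to the SMTP 454 reply so the session survives. All function names and the simulated pool state are assumptions for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed entropy source (hypothetical): returns 0 on success, -1 if the
 * pool is unavailable. The bytes are placeholders, not real randomness. */
typedef int (*entropy_fn)(unsigned char *buf, size_t len);
static int pool_available = 1;

static int entropy_source(unsigned char *buf, size_t len) {
    if (!pool_available) return -1;     /* device missing or pool exhausted */
    memset(buf, 0x42, len);
    return 0;
}

/* Die-on-error style: a failure deep inside the library terminates the
 * calling process. Linked into an SMTP server, this kills every session. */
static void seed_or_die(entropy_fn src) {
    unsigned char seed[32];
    if (src(seed, sizeof seed) != 0) {
        fprintf(stderr, "fatal: no entropy available\n");
        exit(1);
    }
}

/* Recoverable style: the library reports failure and lets the caller decide. */
static int seed_prng(entropy_fn src, unsigned char *seed, size_t len) {
    return src(seed, len) == 0 ? 0 : -1;
}

/* Server-side STARTTLS decision: 220 = ready to start TLS,
 * 454 = TLS not available due to a temporary reason; the session continues. */
int starttls_reply(entropy_fn src) {
    unsigned char seed[32];
    if (seed_prng(src, seed, sizeof seed) != 0)
        return 454;
    return 220;
}

/* Test hook to simulate the entropy pool going away. */
int set_pool_available(int v) { pool_available = v; return pool_available; }

int main(void) {
    printf("STARTTLS with entropy:    %d\n", starttls_reply(entropy_source));
    set_pool_available(0);
    printf("STARTTLS without entropy: %d\n", starttls_reply(entropy_source));
    (void)seed_or_die;   /* shown for contrast; calling it would exit(1) */
    return 0;
}
```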