* Joshua D. Drake ([EMAIL PROTECTED]) wrote:
> Actually everything about Debian (the project) is a political agenda.
> That doesn't mean that it is invalid though.

*smirk

> That being said, this topic is WAY OFF-TOPIC for the discussion. The
> discussion is:
>
> Will we accept GNU TLS.
>
> Currently there has not been one technical argument that is valid to
> have us include GNU TLS.

Well, perhaps you weren't following everything but I did try to bring up a couple points about GNUTLS vs. OpenSSL which I'll mention again here where more people might actually notice it, heh:

  OpenSSL has more features and some niceties like the TLS_CACERTDIR (I've asked for this in GNUTLS, actually, so it might have it soon)

  They can each be faster than the other in some instances (I'm not sure which though, I've heard of 15% differences in each direction depending on architecture though)

  GNUTLS has a nicer/better API

  GNUTLS has a smaller memory footprint

  OpenSSL is working to get NIST certification/approval (it had it, but then lost it for some reason and they're working to get that fixed)

  GNUTLS has better documentation

Actually, from a comparison done for libcurl (which supports both):

  GnuTLS vs OpenSSL

  While these two libraries offer similar features, they are not equal. Both libraries have features the other one lacks. libcurl does not (yet) offer a standardized stable ABI if you decide to switch from using libcurl-openssl to libcurl-gnutls or vice versa. The GnuTLS support is very recent in libcurl and it has not been tested nor used very extensively, while the OpenSSL equivalent code has been used and thus matured for more than seven (7) years.

  GnuTLS
  - LGPL licensed
  - supports SRP
  - lacks SSLv2 support
  - lacks MD2 support (used by at least some CA certs)
  - lacks the crypto functions libcurl uses for NTLM

  OpenSSL
  - Original BSD licensed
  - lacks SRP
  - supports SSLv2
  - older and more widely used
  - provides crypto functions libcurl uses for NTLM
  - libcurl can do non-blocking connects with it in 7.15.4 and later

That was from May 15, 2006: http://curl.mirrors.cyberservers.net/legal/distro-dilemma.html

Regarding SSLv2 support, the GNUTLS page has this:

  Support for TLS 1.1, TLS 1.0 and SSL 3.0 protocols
  * Since SSL 2.0 is insecure it is not supported.
  * TLS 1.2 is supported in the experimental branch.

> Now is there a legal argument? Maybe, but until an *attorney* states
> that there is an issue this is all m00t.
>
> Speaking of which I am going to bounce off to SPI and see if we can get
> an actual answer to this.

That would be interesting to find out. I'm kind of surprised it wasn't brought up before so that we could say "well, from our understanding of what our lawyer said..." or something along those lines.

  Thanks,

    Stephen