On Wed, Nov 9, 2011 at 6:39 PM, Elly Jones <[email protected]> wrote:
> The options:
>
> 1) Write our own crypto from scratch, in Rust.
> 2) Write bindings for OpenSSL's libcrypto.
> 3) Write bindings for something else external.
> 4) Pull something else external into rustrt, write bindings for that.
> ...
> snip
> ...
> Option 2 is tempting, but libcrypto is _large_ (~1.7M on my system). The
> advantage of this is that we don't need to pull libcrypto into the basis, since
> openssl is installed on basically every system. This also gives us support for a
> truly huge selection of cryptographic primitives.
>
> Option 3 is also tempting. There are a lot of other libraries, but they all seem
> to fall along a sliding scale between "elephantine" and "un-audited", with
> OpenSSL at one extreme and things like PolarSSL at the other.

Pragmatically I am in support of option 2, since indeed, almost every machine will have a recent version of OpenSSL installed.

In the name of option 3, I'd like to bring on Dan Bernstein's NaCl project, for which I've been writing Haskell bindings: http://nacl.cace-project.eu - it's very simple and a very nice library. Unfortunately at the moment I don't think it's a realistic option, because it has a strange compilation model (djb software, who'da thought) in order to select optimized crypto primitives, and extracting the portable reference implementations in a way that's totally compatible with optimized implementations is difficult (although I'm working on this.) It otherwise has some nice, very attractive properties, though - and it's djb, so you know it's good.

That's just me thinking out loud. For the long haul, I'd say 2 is probably the way to go it seems from a distribution standpoint.

Doesn't Mozilla also have their own cryptographic networking library? Network Security Services (NSS), I believe?

Either way, me and others can write various crypto bindings to other libraries for Rust if needed/desired. If the proposal is to find something and get it into the standard library as it stands - for widespread usage - OpenSSL may be the only serious contender, I'm afraid.

--
Regards,
Austin
