Re: DANE in libressl?
> On 29 Aug 2021, at 16:14, Peter J. Philipp wrote:
>
> On Sun, Aug 29, 2021 at 07:16:20AM -0600, Theo de Raadt wrote:
>> Is there a strong reason why this has to be in that specific library?
>
> Not really. I did see gnutls has dane functions and openssl has them too.
> I can stick to just rolling the needed functionality in the syslogd.
>
> No one out there is doing this already right?
>

Hello,

I had started working on a standalone dane resolver based upon asr but I decided not to move it forward: OpenSSL has an interface for DANE and !OpenBSD projects are more likely to implement that interface, so I thought my plan of a standalone implementation would be inferior to a LibreSSL implementation that could be picked by ports and a libtls interface that could be picked by base daemons.

I don’t have much code but I can share if you’re still interested.

Re: DANE in libressl?
On Sun, Aug 29, 2021, Peter J. Philipp wrote:

> I can stick to just rolling the needed functionality in the syslogd.

Maybe you can start with the code from Viktor Dukhovni
https://github.com/vdukhovni/ssl_dane

THIS CODE IS IN THE PUBLIC DOMAIN.

so it can be freely used.

It would be nice to have the full functionality in LibreSSL.

--
Address is valid for this mailing list only, please do not reply
to it directly, but to the list.

Re: DANE in libressl?
On Sun, Aug 29, 2021 at 07:16:20AM -0600, Theo de Raadt wrote:
> Is there a strong reason why this has to be in that specific library?

Not really. I did see gnutls has dane functions and openssl has them too.
I can stick to just rolling the needed functionality in the syslogd.

No one out there is doing this already right?

Best Regards,
-peter

> Peter J. Philipp wrote:
>
> > Hi,
> >
> > I was wondering if anyone has wanted to implement DANE functions into
> > OpenBSD?
> > And LibreSSL perhaps? I want this for syslogd with TLS, but not sure if I'd
> > be on someone's toes here, if I start implementing...
> >
> > With unwind we can make use of things such as DANE due to validation of
> > DNSSEC.
> >
> > Best Regards,
> > -peter
> >

Re: DANE in libressl?
Is there a strong reason why this has to be in that specific library?

Peter J. Philipp wrote:

> Hi,
>
> I was wondering if anyone has wanted to implement DANE functions into OpenBSD?
> And LibreSSL perhaps? I want this for syslogd with TLS, but not sure if I'd
> be on someone's toes here, if I start implementing...
>
> With unwind we can make use of things such as DANE due to validation of
> DNSSEC.
>
> Best Regards,
> -peter
>

DANE in libressl?
Hi,

I was wondering if anyone has wanted to implement DANE functions into OpenBSD?
And LibreSSL perhaps? I want this for syslogd with TLS, but not sure if I'd
be on someone's toes here, if I start implementing...

With unwind we can make use of things such as DANE due to validation of
DNSSEC.

Best Regards,
-peter