[Cryptography Team] OpenSSL, Stunnel

Frank Shearar frank.shearar at angband.za.org
Thu Jul 13 07:42:38 UTC 2006


"Ron Teitelbaum" <Ron at USMedRec.com> wrote:

> Does anyone have any thoughts about the benefits and drawbacks of having the
> cryptographic code be an external black box?  Are there greater benefits to
> our having implemented our own code, for education and flexibility?
> Personally I would prefer having the code be in squeak, but I thought the
> question worth asking.  Should we do both?

A quibble: stunnel _uses_ OpenSSL, so stunnel doesn't provide us with
anything more as far as crypto's concerned (at least, AFAIK). OpenSSH, on
the other hand, is quite another story. And I'd love to see those services
available in Squeak!

I think we should do both: a plugin wrapper allows us to provide strong
crypto relatively quickly. Then for True Fans, we can write Smalltalk-only
code and then either slowly phase out the plugins function by function, or
simply allow people to choose. Oh, and having plugins will provide us with
handy in-Squeak reference implementations.

My main worry with implementing our code is simply that OpenSSL and OpenSSH
have been beaten upon for a long time; while we do see advisories coming out
for them, they're few and far between.

frank


