[lsb-discuss] crypto discussion

Darren Davis ddavis at novell.com
Wed Apr 23 14:49:31 PDT 2008


First off, I found this link useful in understanding NSS, others may as 
well.

http://www.mozilla.org/projects/security/pki/nss/faq.html


Robert Schweikert wrote:
> One question from the LSB point of view we will have to answer is 
> probably more political than anything else. If we were to add nss (at 
> least parts as suggested by Ted) to the LSB are we picking a "winner" in 
> the crypto area if we do not also include the openssl library?
>   

I guess I wouldn't view it as picking a winner since as you point out, 
we can include openssl at anytime when we think it is stable and ready.  
A quick peruse of the various distributions and it appears all include 
Mozilla NSS though not surprise since everyone includes Firefox.  If 
this is stable and ready to use, I don't see why we wouldn't include it 
as part of a standard.

> I know, we generally add what is ready and requested and openssl does 
> not appear to be ready from an API/ABI stability point of view while nss 
> is. It is however a matter of perception. I am not arguing to keep nss 
> out, just asking a question. I think adding nss would be a step in the 
> right direction and we can always add openssl when the API/ABI settles 
> down. In addition adding nss might give those who need crypto enough 
> functionality even if they have to "port" from using openssl to nss.
>
> Now it may be that nss and openssl have some of the same interfaces and 
> we don't care how a distribution provides those as long as they are 
> there. But I do not know whether or not this is the case as I am pretty 
> much in the dark about what interfaces the various libraries provide.
>   

My only question would be if a distribution includes the Mozilla NSS 
library (and not the mentioned subset and why one do a subset would 
surprise me), then would that be sufficient to pass LSB?

> Robert
>
>   


Regards,

Darren




More information about the lsb-discuss mailing list