[Dnsmasq-discuss] Does DNSSEC require nettle and gmp, or nettle with gmp?

Nathan Dorfman na at rtfm.net
Tue Apr 1 18:02:33 UTC 2014


On Tue, Apr 1, 2014 at 12:54 PM, /dev/rob0 <rob0 at gmx.co.uk> wrote:

> a



I can't speak to an actual code audit, but nettle isn't some third-rate
clone. It's a mature, actively developed and (importantly) thoroughly
documented project.

If I were to undertake such an audit, however, I would surely prefer to have
to audit nettle rather than OpenSSL, as unlike the latter, nettle's code is
quite readable and even easy on the eyes.

Not to mention that there's much less code to begin with, as the library
simply doesn't try to do everything OpenSSL does. From their
introduction[1]:

"Nettle tries to avoid this problem by doing one thing, the low-level
crypto stuff, and providing a *simple* but general interface to it. In
particular, Nettle doesn't do algorithm selection. It doesn't do memory
allocation. It doesn't do any I/O."

Maybe OpenSSL is the right choice anyway, I don't know. But, I thought
someone should speak up for nettle :)

-nd.

[1] - http://www.lysator.liu.se/~nisse/nettle/nettle.html#Introduction