Shawn WebbJun 7, 2017
#BearSSL developer prefers constant-time algorithms, which is a good thing (albeit slower).
Show threadNow @[email protected]Jun 7, 2017
@lattera Why didn't anyone tell me that this would be happening. Now extra sad not being there...
Show threadShawn WebbJun 7, 2017

@spil yeah, looks like #FreeBSD is investigating replacing #OpenSSL in base with #BearSSL.

I think BearSSL has some good ideas (preferring constant-time crypto). But I'm not sure it's ready to replace OpenSSL (or even a good idea to do so).

Show threadmulanderJun 7, 2017
@lattera @spil they will end up with split userland with a base ssl and ports ssl (like they have now with openssl). They should just grab libressl for both base and ports.
Show threadNow @[email protected]
@mulander @lattera Too many utilities in base require crypto to make this simple. Heimdal, ppp and wpa-supplicant already required patching for LibreSSL. Can't imagine what it'd take to adapt for BearSSL in base. ldns, subversion, openssh, sendmail...
That takes considerably more skill than I currently have.
Jun 7, 2017 at 6:56pmWeb