[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [gnutls-dev] GnuTLS vs OpenSSL vs NSS
From: |
Simon Josefsson |
Subject: |
Re: [gnutls-dev] GnuTLS vs OpenSSL vs NSS |
Date: |
Sun, 27 May 2007 00:09:00 +0200 |
User-agent: |
Gnus/5.110007 (No Gnus v0.7) Emacs/22.0.95 (gnu/linux) |
address@hidden writes:
> Simon Josefsson-2 wrote:
>>
>> Hi!
>>
>> I've created some tables with a comparison between common TLS
>> implementations. I'm running short of ideas on things to compare. Any
>> ideas or suggestions? The URL is:
>>
>> http://www.gnu.org/software/gnutls/comparison.html
>>
>> What do you think?
>>
>> Also, if you notice any mistakes, or know for sure the status on some I
>> put down as 'No?', please let me know and I'll fix it.
>
> Hi simon,
>
> I have a few updates for you:
Hi! Many thanks. I have intended to send links to the OpenSSL/NSS
teams, but I haven't felt finished enough with the page to do so yet. I
am happy to incorporate your suggestions now.
> Under portability concerns, NSS should read:
>
> NSS Platform requirements - NSPR* Network requirements - NSPR* thread
> safety- NSPR* (uses native platform threads when available, provides
> thread implementation if f necessary) Random Seed - set through native
> OS API, extra entropy grab from installed PKCS #11 modules,
> application can also add entropy on the fly
Added most of it, but I don't understand the last part -- how is the
random seed set through a 'native OS API'? Does this refer to some NSPR
API? Or what OS APIs do you mean? I'm not aware of any standard APIs
for setting random seeds.
> *NSPR(and NSS) has(have) been ported to the following platforms (that
> I know about): AIX, BSD, BeOS, HP-UX, IRIX, Linux, Mac OS X, Mac OS 9,
> OS/2, Solaris, OpenVMS, Amiga DE, Windows, WinCE, Sony playstation.
>
> Under Developement:
> remove PR_ * from namespace in the NSS page. PR_ is part of the NSPR
> namespace... crypto library... change NSS from included, monolithic
> to included, PKCS #11 based*
>
> *On the fly replaceable/augmentable.
Fixed.
> It would be good to add a column on certificate management/storage and
> PKCS #11/token support.
>
> There's also a missing table to include things like OCSP and CRL
> processing support.
Good ideas, I've added this on the todo list at the bottom of the page.
> Finally, Under Protocol support, the NSS column for SSL2 should say (yes, off
> by default)
Changed.
Thanks,
Simon
> Thanks
>
> bob
>
>
>
>>
>> /Simon
>>
>>
>> _______________________________________________
>> Help-gnutls mailing list
>> address@hidden
>> http://lists.gnu.org/mailman/listinfo/help-gnutls
>>
>>
> Quoted from:
> http://www.nabble.com/GnuTLS-vs-OpenSSL-vs-NSS-tf3685816.html#a10302694
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: [gnutls-dev] GnuTLS vs OpenSSL vs NSS,
Simon Josefsson <=