On 09/29/2015 12:55 AM, Marc Jones wrote:
[...]
> In terms of the security of GnuTLS, I am sure that OpenSSL is going to
> get more scrutiny of any SSL library, but it also looks like GnuTLS and
> mod_gnu_tls are getting a lot more attention as of late. Last year
> GnuTLS had over 25 people contribute.[1] And this year we saw mod_gnutls
> get a new maintainer that is much more active.
>
> In terms of the OpenLDAP developer's concerns from 2008, it seems it has
> been addressed by the primary GnuTLS developer on more than one
> occasion. Nikos, the main gnutls developer, specifically addressed it in
> 2010 [2] on the gnutls mailing list. He also discusses it in a 2011 blog
> post.[3]
>
> Apparently, at least according to Nikos, the OpenLDAP developer was
> right about finding a bug in one function, but the openldap developer
> was wrong to generalize it to the entire library. GnuTLS has apparently
> addressed the 2008 issue.
>
> It's too bad the OpenLDAP mailing list post is referenced in a recent
> ZDnet article that shows up on the first page of a DuckDuckGo search for
> GnuTLS [4] because it will give new life to that dead bug. Considering
> Nikos was still discussing the bug three years after it was brought to
> his attention though, the fact that an article was talking about it 7
> years later might not surprise him. It looks like GnuTLS has a bit of a
> zombie bug on its hands, no matter how many times they kill it, people
> think it keeps coming back to life.
>
> -Marc
>
> [1]
> http://nmav.gnutls.org/2014/12/a-quick-overview-of-gnutls-development.html
> [2] http://lists.gnu.org/archive/html/help-gnutls/2010-05/msg00018.html
> [3] http://nmav.gnutls.org/2011/05/is-really-gnutls-considered-harmful.html
> [4]
> http://www.zdnet.com/article/gnutls-big-internal-bugs-few-real-world-problems/
>
It appears that my fears were quite premature. Reading the above gives
me more confidence in GnuTLS. I am glad that the project is doing better
than I thought.

Looks like we do have a consensus to proceed with GnuTLS.

--
Sunil