Hi Jack <3

On Fri, Aug 26, 2016 at 10:29 AM, Jack Moffitt <j...@metajack.im> wrote:

> > I'm in agreement with Brian that *ring* and rustls seem like the way to go
> > first. Second, I would suggest rust-native-tls as a backup if it doesn't
> > work out.
>
> rustls doesn't seem to support TLS 1.1, which seems like a
> non-starter. We'll probably want to dig up some data on how much of
> the web relies on that.
>

Perhaps it can be made to do so.

>
> libwebpkix does not yet support revocation checking.
>

As part of integration into Servo, implementing this would be a good contribution to the Rust ecosystem.

>
> I believe this is what was meant by suggesting we follow these
> projects' progress and adapt our decisions along the way.
>
> > Fundamentally, I think that we shouldn't underestimate the amount of effort
> > it'll take to write and maintain idiomatic Rust bindings to a TLS library
> > ourselves. Rust isn't C or C++: the fact that Rust has an excellent FFI
> > doesn't negate the fact that using a C library in practice isn't as simple
> > as just importing it. There's a lot of value in leveraging existing
> > community bindings to libraries.
>
> The NSS team has offered their help to create the bindings and
> maintain and host them in tree.
>

Does that mean that NSS is the only solution that will result in work being done here? What are the consequences of sticking with the status quo of OpenSSL until a Rust-based solution matures?

>
> No solution here involves zero work for us, but using NSS seems to
> involve the least work aside from doing nothing.
>
> > Finally, I don't see any particular reason why Servo using NSS would help
> > Gecko.
>
> I don't think this was part of the requirements. As you stated there
> are some mild benefits for NSS exposure with that option, but none of
> the options presented benefit Gecko very much.
>

While we're still on requirements I might bring up a few potential requirements that haven't been explicitly mentioned:

- Seed the Rust community with production-grade Rust code. Servo is explicitly architected to serve this purpose and many of the Servo components Firefox is excited about now have reaped reciprocal benefits from this model.
- Act as a halo project for Rust. Servo shows off all the best facets of Rust, things that no other language can achieve. The TLS stack is another opportunity to add a feather to Servo's cap.
- Do research. Servo is a project of the research group and there are opportunities here to advance the state of the art.

This probably sounds a bit cheeky, but they are important things to remind ourselves as Servo grows and the demands on it increase.

While I still have the mic I'll make an argument in favor of NSS in Servo: if there is a goal to move Servo's network stack into Firefox in the near/medium term, then that is a strong reason to give Firefox's requirements weight over Rust's.

<3

>
> jack.
> _______________________________________________
> dev-servo mailing list
> dev-servo@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-servo
>