Nelson B Bolyard: > Howard Chu wrote, On 2008-08-10 03:30: >> Following on from the discussion in >> https://bugzilla.mozilla.org/show_bug.cgi?id=292127 today I took a look >> at what would be involved in adding NSS support to OpenLDAP. Aside from >> the lack of hassle-free PEM support (which it appears may not be a >> problem for much longer) > > When one considers all the important reasons to choose a crypto > implementation, support for one file format which is not used in any > standard protocols (e.g. TLS, SMIME) doesn't seem like a biggie.
I consider the lack of PEM support quite substantial really. The ease to work with it, is perhaps one of the reasons for the success of OpenSSL (and nobody doubts that OpenSSL is widely used and quite successful). > If you absolutely must have every thing work exactly like OpenSSL to be > happy, then use OpenSSL. Complaints about NSS, that it isn't exactly > like OpenSSL aren't going to motivate NSS to change much. Absent > cryptographic functionality is one thing. Absent emulation of OpenSSL > is quite another. Near the beginning of this thread, I asked for people > to report absent crypto functionality. But so far, what I've heard is: > "It isn't OpenSSL", which is not a statement about cryptographic > functionality. Well, consider that people are familiar with OpenSSL commands and new users get quickly used to it. This "might" be what others are looking for when checking out NSS and other libraries (and decide to forget about it). I haven't really coded with NSS, but perhaps the same "might" be true here as well? I wouldn't categorically deny the advantages of OpenSSL without thinking about what can improved at NSS... -- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: [EMAIL PROTECTED] Blog: https://blog.startcom.org _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
