OpenSC and OpenSSL

Martin Paljak-4

"OpenSSL must die, for it will never get any better."

While it is just the 2014 FOSDEM speak made more tangible, it is worth

The fact that OpenSC is interwoven with OpenSSL has been a long known
"trouble point". While it might be good for OpenSSL it certainly
doesn't make it better for OpenSC that Google is thinking of moving
from NSS to OpenSSL:

PHK suggests a "godsend" that doesn't exist yet, but something we
looked into a few years ago:

"We need a well-designed API, as simple as possible to make it hard
for people to use it incorrectly. And we need multiple independent
quality implementations of that API, so that if one turns out to be
crap, people can switch to a better one in a matter of hours."

While OpenSC doesn't depend on OpenSSL in the sense of being
vulnerable because of *SSL/TLS* issues in it (and partially thanks to
the policy that OpenSC *should not do crypto itself unless it has to*
but "delegate the problem to the card") we *really-really* need to
think how to handle this. So that adjustments could easily be made for
other platforms and libraries. Especially for any new code.

We probably can't get rid of OpenSSL overnight, nor must we do it, but
being able to do that easily and adjusting the internals of OpenSC so
that it would be *possible* in the first place, is something that
would contribute to the overall design (architecture) of OpenSC a
great deal. Lack of meaningful constraints hurts OpenSC rather than
helps. Borders, contracts, interfaces - all that seems like a useless
burden but in the end it is good to have some.

Other than that, I hope that not too many people think the same way of
OpenSC as they think of OpenSSL :)


Opensc-devel mailing list