Announcement

Collapse
No announcement yet.

Google Is Maintaining A "BoringSSL" Fork Of OpenSSL

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Originally posted by sunweb View Post
    And since Google has alot users linked to their web services it pretty much means they're forcing other projects to use it as well and then at some point they will use only google tech.
    They can't force other projects to use BoringSSL. It's an implementation of a standardized protocol.

    Comment


    • #12
      Originally posted by sunweb View Post
      And since Google has alot users linked to their web services it pretty much means they're forcing other projects to use it as well and then at some point they will use only google tech.
      What?! Google's web service are accessed with standard HTTPS interface. Their server happens to run BoringSSL to handle SSL/TLS, whereas you could be accessing their services using a client running openSSL, LibreSSL, or even completely different implementations like GnuTLS or Mozilla NSS. As long as it speaks SSL/TLS any library is valid and nobody is forcing anything on no-one.

      Originally posted by brad0 View Post
      The word "ready" does not seem to mean what you think it does. It is being used now. The base code is intentionally OpenBSD-only to keep it very lean and clean.
      And beside, they try to be as POSIX-compatible as possible (whereas original openSSL tended to reinvent and reimplement their own wheel. several time over).
      As Theo mentions, as long as you re-implement a few basic security functions, correctly, LibreSSL port is done.
      Granted, this is not-trivial (these are special secure version of functionnality. Great care must be taken to insure that they work without leaking info). But good developpers with security knowledge should be able to do it.

      ------

      Over-all, specially given the announcement on both sides (from LibreSSL and BoringSSL) we might see very fruitful collaboration between the too.
      So this is not heading the same direction as Wayland vs. Mir. In fact, in the long run, it might end up converging like the various LLVM arm 64bits back-end (AArch64 and Apple's converging together).

      At least, this sound as a possible source of corporate push and ressource (the things that Libressl was aking for, and for some reasons The Linux Foundation didn't consider when speaking about adding ressources to openSSL's development).

      Comment

      Working...
      X