Page 2 of 2 FirstFirst 12
Results 11 to 12 of 12

Thread: Google Is Maintaining A "BoringSSL" Fork Of OpenSSL

  1. #11
    Join Date
    May 2012
    Posts
    116

    Default

    Quote Originally Posted by sunweb View Post
    And since Google has alot users linked to their web services it pretty much means they're forcing other projects to use it as well and then at some point they will use only google tech.
    They can't force other projects to use BoringSSL. It's an implementation of a standardized protocol.

  2. #12
    Join Date
    Apr 2008
    Posts
    173

    Default

    Quote Originally Posted by sunweb View Post
    And since Google has alot users linked to their web services it pretty much means they're forcing other projects to use it as well and then at some point they will use only google tech.
    What?! Google's web service are accessed with standard HTTPS interface. Their server happens to run BoringSSL to handle SSL/TLS, whereas you could be accessing their services using a client running openSSL, LibreSSL, or even completely different implementations like GnuTLS or Mozilla NSS. As long as it speaks SSL/TLS any library is valid and nobody is forcing anything on no-one.

    Quote Originally Posted by brad0 View Post
    The word "ready" does not seem to mean what you think it does. It is being used now. The base code is intentionally OpenBSD-only to keep it very lean and clean.
    And beside, they try to be as POSIX-compatible as possible (whereas original openSSL tended to reinvent and reimplement their own wheel. several time over).
    As Theo mentions, as long as you re-implement a few basic security functions, correctly, LibreSSL port is done.
    Granted, this is not-trivial (these are special secure version of functionnality. Great care must be taken to insure that they work without leaking info). But good developpers with security knowledge should be able to do it.

    ------

    Over-all, specially given the announcement on both sides (from LibreSSL and BoringSSL) we might see very fruitful collaboration between the too.
    So this is not heading the same direction as Wayland vs. Mir. In fact, in the long run, it might end up converging like the various LLVM arm 64bits back-end (AArch64 and Apple's converging together).

    At least, this sound as a possible source of corporate push and ressource (the things that Libressl was aking for, and for some reasons The Linux Foundation didn't consider when speaking about adding ressources to openSSL's development).

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •