[Swan-dev] [cryptography] Announcing Mozilla::PKIX, a New Certificate Verification Library (fwd)
Paul Wouters
paul at nohats.ca
Thu Apr 10 18:46:28 EEST 2014
On Thu, 10 Apr 2014, Lennart Sorensen wrote:
> I am just looking at the fact that if you want to get a product fips
> certified, you have to deal with checking openssl, gnutls and nss.
> That's a lot of duplication.
And with openswan not compiled for NSS, you have a fourth set of crypto
to certify.
> Is NSS really that good?
For us, NSS has some clear advantages (see previous email)
But I don't know anyone who is happy with their crypto library.
It would be great if the latest openssl disasters would lead to a new
crypto library that is much more usable, is certified and audited,
and can be used for FIPS compliant systems. We just need a kickstarter
with a couple of million dollars to make this happen :/
Paul
More information about the Swan-dev
mailing list