[Swan-dev] [cryptography] Announcing Mozilla::PKIX, a New Certificate Verification Library (fwd)

Paul Wouters paul at nohats.ca
Thu Apr 10 18:46:28 EEST 2014


On Thu, 10 Apr 2014, Lennart Sorensen wrote:

> I am just looking at the fact that if you want to get a product fips
> certified, you have to deal with checking openssl, gnutls and nss.
> That's a lot of duplication.

And with openswan not compiled for NSS, you have a fourth set of crypto
to certify.

> Is NSS really that good?

For us, NSS has some clear advantages (see previous email).

But I don't know anyone who is happy with their crypto library.

It would be great if the latest openssl disasters would lead to a new
crypto library that is much more usable, is certified and audited,
and can be used for FIPS compliant systems. We just need a kickstarter
with a couple of million dollars to make this happen :/


Paul

