BIND 10 #2822: remove dependecies to OpenSSL, use Botan instead
BIND 10 Development
do-not-reply at isc.org
Tue Mar 5 11:49:11 UTC 2013
#2822: remove dependecies to OpenSSL, use Botan instead
-------------------------------------+-------------------------------------
Reporter: cas | Owner:
Type: enhancement | UnAssigned
Priority: medium | Status: new
Component: build system | Milestone: New
Keywords: | Tasks
Sensitive: 0 | Resolution:
Sub-Project: Core | CVSS Scoring:
Estimated Difficulty: discuss | Defect Severity: N/A
Total Hours: 0 | Feature Depending on Ticket:
| Add Hours to Ticket: 0
| Internal?: 0
-------------------------------------+-------------------------------------
Comment (by cas):
Replying to [comment:10 fdupont]:
> => so please create a new one: subject "simpler cmdctl security",
requirements: simple and as least as secure than SSL/TLS (note security
here is authentication and message integrity, not encryption nor anti-
replay).
As I pointed out, I'm not against TLS/SSL. TLS/SSL is probably the best
way to secure the BIND 10 remote API. Most application developers know how
to open a TLS/SSL socket. It is supported in most programming languages.
BIND 10 APIs should be open and easy to use, but at the same time secure.
Good use of TLS/SSL can provide that.
I don't like the fact that two different crypto libraries are required to
run BIND 10.
> => but a simpler and as least as secure solution not based on TLS/SSL
removes the issue doesn't it?
It might remove this one issue by creating a larger new issue. That is not
a good tradeoff.
--
Ticket URL: <http://bind10.isc.org/ticket/2822#comment:11>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list