BIND 10 #2822: remove dependecies to OpenSSL, use Botan instead
BIND 10 Development
do-not-reply at isc.org
Tue Mar 5 23:02:38 UTC 2013
#2822: remove dependecies to OpenSSL, use Botan instead
-------------------------------------+-------------------------------------
Reporter: cas | Owner:
Type: enhancement | UnAssigned
Priority: medium | Status: new
Component: build system | Milestone: New
Keywords: | Tasks
Sensitive: 0 | Resolution:
Sub-Project: Core | CVSS Scoring:
Estimated Difficulty: discuss | Defect Severity: N/A
Total Hours: 0 | Feature Depending on Ticket:
| Add Hours to Ticket: 0
| Internal?: 0
-------------------------------------+-------------------------------------
Comment (by fdupont):
> As I pointed out, I'm not against TLS/SSL. TLS/SSL is probably the best
way to secure the BIND 10 remote API. Most application developers know how
to open a TLS/SSL socket. It is supported in most programming languages.
=> your argument is not consistent: this support comes in > 90% fro
OpenSSL so you should not at the same time be in favour of SSL/TLS and
against OpenSSL.
> BIND 10 APIs should be open and easy to use, but at the same time
secure. Good use of TLS/SSL can provide that.
=> I want to see the security analysis first. If the BIND 10 control
channel has the same requirement than the BIND 9 one only origin
authentication and message integrity are required. SSL/TLS is not
providing these, in particular it is well known to be weak on the
authentication side (more from the way it is (mis)used than by design),
and of course encryption is more than useless.
--
Ticket URL: <http://bind10.isc.org/ticket/2822#comment:12>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list