[lugm.org] LibreSSL gaining momentum
Loganaden Velvindron
gnukid1 at yahoo.co.uk
Sun Aug 3 18:41:09 UTC 2014
There's a great video explaining LibreSSL and how we differ from OpenSSL:
https://www.youtube.com/watch?v=-4psTQ1sX7s
I've been working on exploit mitigation in BIND, which will be released very soon, and this significantly improves the security of BIND. I agree that more can be done to improve DNS and DNSSEC security.
I agree that writing secure code in C is difficult. I believe that bounded-buffer operations (strlcat/strlcpy), a strict IPC API, dropping privileges as soon as you don't need them, and sandboxing help mitigate security issues.
As for the ciphers, I would welcome them in OpenSSH if they're reasonably licensed under a liberal license :-)
I'm also interested in improving the Internet's security by pushing new security ideas into popular Open Source software. I also believe that a lot can be gained from formal analysis & other theorems that can be used to improve security, particularly for the LibreSSL crypto framework, to avoid another issue like CCS injection :-)
//Logan
C-x-C-c
On Thursday, 31 July 2014, 22:00, David SAUVAGE - AdaLabs Ltd <david.sauvage at adalabs.com> wrote:
Great initiative,
I would like to read on the project objectives and learn how
existing and yet unknown issues on existing SSL implementations
will be avoided in the LibreSSL implementation initiative.
From my point of view, one of the issues concerning the
implementation is the /language/technology/, let's take the BIND
project as an example.
The BIND [1] project, /was/is/ the most commonly used domain name
server, is an open source project that has existed for years
(/partly/mostly/ funded by the way), started in the 80's. After
some complete rewrites, can we say that the latest BIND
implementation contains the necessary safe and secure properties
needed by the open source community? [2] [8]
Ironsides [3] is an open source domain name server
implementation (with a smaller perimeter than BIND) that is
provably invulnerable to many of the problems that plague other
servers [6] [7]. Ironsides, started a few years ago, has been
available in FreeBSD ports for a few months [4].
We have started a libre project called SPARKAda OpenSSH Ciphers
[5], where we aim to implement formally proven, safe and secure
and high integrity Ciphers for both information systems and
embedded systems.
Now let's forget the technology side, talking from an open source
community perspective, as a libre software evangelist, I am always
interested in the sustainable development side of the open source
community, and we can make big improvements !
Cheers,
[1] http://en.wikipedia.org/wiki/BIND
[2] https://security-tracker.debian.org/tracker/source-package/bind9
[3] http://ironsides.martincarlisle.com/
[4] http://svnweb.freebsd.org/ports/head/dns/ironsides/
[5] http://adalabs.com/products-sparkada_openssh_ciphers.html
[6] http://ironsides.martincarlisle.com/globecom_2012.pdf
[7] http://ironsides.martincarlisle.com/ICRST2013.pdf
[8] http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-dns.html
-- David SAUVAGE Software Agile Architect, Director
AdaLabs Ltd - Mauritius http://adalabs.com
On 07/26/2014 08:42 AM, Loganaden Velvindron wrote:
>Hi guys,
>
>I wish to thank all of the supporters of LibreSSL, particularly on our small island.
>
>FreeBSD, Gentoo and ArchLinux have imported LibreSSL into their repositories.
>
>We hope to see others follow :-)
>
>LibreSSL is SSL done right ;-)
>
>Kind regards,
>//Logan
>C-x-C-c
>
>__________________________________________________________
Linux User Group of Mauritius (LUGM) Discuss mailing list
Website: http://lugm.org Mailing list archive: http://discuss.lugm.org/pipermail/discuss_discuss.lugm.org/ Forum: http://lugm.org/forum/ IRC: #linux.mu on Freenode