<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif;font-size:14pt"><div id="yiv0710166089" class="" style=""><div class="" style=""><div style="background-color: rgb(255, 255, 255);" class=""><div id="yiv0710166089yui_3_16_0_5_1406869984832_4" style="color: rgb(0, 0, 0); font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 14pt;" class=""><span id="yiv0710166089yui_3_16_0_5_1406869984832_13" class="" style="">There's a great video explaining LibreSSL and how we differ from OpenSSL:</span></div><div id="yiv0710166089yui_3_16_0_5_1406869984832_4" style="color: rgb(0, 0, 0); font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 19px; background-color: transparent; font-style: normal;" class=""><span id="yiv0710166089yui_3_16_0_5_1406869984832_16" class=""
style=""><br clear="none" style=""></span></div><div id="yiv0710166089yui_3_16_0_5_1406869984832_4" style="background-color: transparent;" class=""><span id="yiv0710166089yui_3_16_0_5_1406869984832_19" class="" style="">https://www.youtube.com/watch?v=-4psTQ1sX7s<br clear="none" class="" style=""></span></div><div id="yiv0710166089yui_3_16_0_5_1406869984832_4" style="background-color: transparent;" class=""><span class="" style=""><br></span></div><div id="yiv0710166089yui_3_16_0_5_1406869984832_4" style="background-color: transparent;" class=""><span class="" style="">I've been working on exploit mitigation in BIND, which will be released very soon, and this significantly improves the security of BIND. I agree that more can be done to improve DNS and DNSSEC security.</span></div><div id="yiv0710166089yui_3_16_0_5_1406869984832_4" style="background-color: transparent;" class=""><span class="" style=""><br></span></div><div
id="yiv0710166089yui_3_16_0_5_1406869984832_4" style="background-color: transparent;" class="">I agree that writing secure code in C is difficult. I believe that bounded-buffer operations (strlcat/strlcpy), strict IPC API, dropping privileges as soon as you don't need it, and sandboxing help mitigate security issues.</div><div id="yiv0710166089yui_3_16_0_5_1406869984832_4" style="background-color: transparent;" class=""><br></div><div id="yiv0710166089yui_3_16_0_5_1406869984832_4" style="background-color: transparent;" class="">As for the ciphers, I would welcome them in OpenSSH if they're are reasonably licensed under an a liberal license :-)</div><div id="yiv0710166089yui_3_16_0_5_1406869984832_4" style="background-color: transparent;" class=""><br></div><div id="yiv0710166089yui_3_16_0_5_1406869984832_4" style="background-color: transparent;" class="">I'm also interested in improving Internet's Security by pushing new security ideas into popular Open
Source software. I also believe that a lot can be gained from formal analysis & other theorems that can be used to improve security particularly for LibreSSL crypto framework to avoid another issue like CCS injection :-)</div><div id="yiv0710166089yui_3_16_0_5_1406869984832_4" style="background-color: transparent;" class=""><br></div><div id="yiv0710166089yui_3_16_0_5_1406869984832_4" style="background-color: transparent;" class="">//Logan</div><div id="yiv0710166089yui_3_16_0_5_1406869984832_4" style="background-color: transparent;" class="">C-x-C-c</div><div id="yiv0710166089yui_3_16_0_5_1406869984832_4" style="background-color: transparent;" class=""><br></div><div id="yiv0710166089yui_3_16_0_5_1406869984832_4" style="background-color: transparent;" class=""><br></div><div id="yiv0710166089yui_3_16_0_5_1406869984832_4" style="background-color: transparent;" class=""><br></div><div id="yiv0710166089yui_3_16_0_5_1406869984832_4"
style="background-color: transparent;" class=""><br></div><div id="yiv0710166089yui_3_16_0_5_1406869984832_4" style="background-color: transparent;" class=""><span class="" style=""><br></span></div> <div class="" id="yiv0710166089yqt30910" style="color: rgb(0, 0, 0); font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 14pt;"><div class="" id="yiv0710166089yui_3_16_0_5_1406869984832_7" style="display: none;"> <div class="" style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif;font-size:14pt;"> <div class="" style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif;font-size:12pt;"> <div dir="ltr" class="" style=""> <font size="2" face="Arial" class="" style=""> On Thursday, 31 July 2014, 22:00, David SAUVAGE - AdaLabs Ltd <david.sauvage@adalabs.com> wrote:<br clear="none" class="" style=""> </font> </div> <br
clear="none" class="" style=""><br clear="none" class="" style=""> <div class="" style=""><div id="yiv0710166089" class="" style=""><div class="" style="">
<div class="" style=""><br clear="none" class="" style="">
Great initiative, <br clear="none" class="" style="">
<br clear="none" class="" style="">
I would like to read on the project objectives and learn how
existing and yet unknown issues on existing SSL implementations
will be avoided in the LibreSSL implementation initiative.<br clear="none" class="" style="">
<br clear="none" class="" style="">
From my point of view, one of the issues concerning the
implementation is the /language/technology/, let's take the BIND
project as an example.<br clear="none" class="" style="">
<br clear="none" class="" style="">
The BIND [1] project, /was/is/ the most commonly used domain name
server, is an open source project that exists from years
(/partly/mostly/ funded by the way), started in the 80's. After
some complete rewrites, can we say that the latest BIND
implementation contains the necessary safe and secure properties
needed by open source community needs ? [2] [8]<br clear="none" class="" style="">
<br clear="none" class="" style="">
Ironsides [3], is an open source domain name server
implementation (with a smaller perimeter than BIND) that is
provably invulnerable to many of the problems that plague other
servers [6] [7]. Ironsides, started a few years ago, is now
available in FreeBSD ports since a few months [4]<br clear="none" class="" style="">
<br clear="none" class="" style="">
We have started a libre project called SPARKAda OpenSSH Ciphers
[5], where we aim to implement formally proven, safe and secure
and high integrity Ciphers for both information systems and
embedded systems.<br clear="none" class="" style="">
<br clear="none" class="" style="">
Now let's forget the technology side, talking from an open source
community perspective, as a libre software evangelist, I am always
interested in the sustainable development side of the open source
community, and we can make big improvements !<br clear="none" class="" style="">
<br clear="none" class="" style="">
Cheers,<br clear="none" class="" style="">
<br clear="none" class="" style="">
<br clear="none" class="" style="">
[1] <a rel="nofollow" shape="rect" class="" target="_blank" href="http://en.wikipedia.org/wiki/BIND" style="">http://en.wikipedia.org/wiki/BIND</a><br clear="none" class="" style="">
[2]
<a rel="nofollow" shape="rect" class="" target="_blank" href="https://security-tracker.debian.org/tracker/source-package/bind9" style="">https://security-tracker.debian.org/tracker/source-package/bind9</a><br clear="none" class="" style="">
[3] <a rel="nofollow" shape="rect" class="" target="_blank" href="http://ironsides.martincarlisle.com/" style="">http://ironsides.martincarlisle.com/</a><br clear="none" class="" style="">
[4] <a rel="nofollow" shape="rect" class="" target="_blank" href="http://svnweb.freebsd.org/ports/head/dns/ironsides/" style="">http://svnweb.freebsd.org/ports/head/dns/ironsides/</a><br clear="none" class="" style="">
[5] <a rel="nofollow" shape="rect" class="" target="_blank" href="http://adalabs.com/products-sparkada_openssh_ciphers.html" style="">http://adalabs.com/products-sparkada_openssh_ciphers.html</a><br clear="none" class="" style="">
[6] <a rel="nofollow" shape="rect" class="" target="_blank" href="http://ironsides.martincarlisle.com/globecom_2012.pdf" style="">http://ironsides.martincarlisle.com/globecom_2012.pdf</a><br clear="none" class="" style="">
[7] <a rel="nofollow" shape="rect" class="" target="_blank" href="http://ironsides.martincarlisle.com/ICRST2013.pdf" style="">http://ironsides.martincarlisle.com/ICRST2013.pdf</a><br clear="none" class="" style="">
[8]
<a rel="nofollow" shape="rect" class="" target="_blank" href="http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-dns.html" style="">http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-dns.html</a><br clear="none" class="" style="">
<br clear="none" class="" style="">
<pre class="" style="">--
David SAUVAGE
Software Agile Architect, Director
AdaLabs Ltd - Mauritius
<a rel="nofollow" shape="rect" class="" target="_blank" href="http://adalabs.com/" style="">http://adalabs.com</a>
</pre>
<br clear="none" class="" style="">
<br clear="none" class="" style="">
On 07/26/2014 08:42 AM, Loganaden Velvindron wrote:<br clear="none" class="" style="">
</div>
<blockquote type="cite" class="" style="">
<div class="" id="yiv0710166089yqt36299" style=""><div class="" style="color:#000;background-color:#fff;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif;font-size:14pt;">
<div class="" style="">Hi guys,</div>
<div class="" style=""><br clear="none" class="" style="">
</div>
<div class="" style="color:rgb(0, 0, 0);font-size:19px;font-family:HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;background-color:transparent;font-style:normal;">I wish to thank all of the supporters of
LibreSSL, particularly on our small island.</div>
<div class="" style="color:rgb(0, 0, 0);font-size:19px;font-family:HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;background-color:transparent;font-style:normal;"><br clear="none" class="" style="">
</div>
<div class="" style="color:rgb(0, 0, 0);font-size:19px;font-family:HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;background-color:transparent;font-style:normal;">FreeBSD, Gentoo and ArchLinux have
imported LibreSSL into their repositories.</div>
<div class="" style="color:rgb(0, 0, 0);font-size:19px;font-family:HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;background-color:transparent;font-style:normal;"><br clear="none" class="" style="">
</div>
<div class="" style="color:rgb(0, 0, 0);font-size:19px;font-family:HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;background-color:transparent;font-style:normal;">We hope to see others follow :-)</div>
<div class="" style="color:rgb(0, 0, 0);font-size:19px;font-family:HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;background-color:transparent;font-style:normal;"><br clear="none" class="" style="">
</div>
<div class="" style="color:rgb(0, 0, 0);font-size:19px;font-family:HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;background-color:transparent;font-style:normal;">LibreSSL is SSL done right ;-)</div>
<div class="" style="color:rgb(0, 0, 0);font-size:19px;font-family:HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;background-color:transparent;font-style:normal;"><br clear="none" class="" style="">
</div>
<div class="" style="color:rgb(0, 0, 0);font-size:19px;font-family:HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;background-color:transparent;font-style:normal;">Kind regards,</div>
<div class="" style="color:rgb(0, 0, 0);font-size:19px;font-family:HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;background-color:transparent;font-style:normal;">//Logan</div>
<div class="" style="color:rgb(0, 0, 0);font-size:19px;font-family:HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;background-color:transparent;font-style:normal;">C-x-C-c</div>
<div class="" style="color:rgb(0, 0, 0);font-size:19px;font-family:HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;background-color:transparent;font-style:normal;"><br clear="none" class="" style="">
</div>
</div></div>
<br clear="none" class="" style="">
<fieldset class="" style=""></fieldset>
<br clear="none" class="" style="">
<pre class="" style="">__________________________________________________________
Linux User Group of Mauritius (LUGM) Discuss mailing list
Website: <a rel="nofollow" shape="rect" class="" target="_blank" href="http://lugm.org/" style="">http://lugm.org</a>
Mailing list archive: <a rel="nofollow" shape="rect" class="" target="_blank" href="http://discuss.lugm.org/pipermail/discuss_discuss.lugm.org/" style="">http://discuss.lugm.org/pipermail/discuss_discuss.lugm.org/</a>
Forum: <a rel="nofollow" shape="rect" class="" target="_blank" href="http://lugm.org/forum/" style="">http://lugm.org/forum/</a>
IRC: #linux.mu on Freenode</pre>
</blockquote>
<br clear="none" class="" style="">
<br clear="none" class="" style="">
</div></div><br clear="none" class="" style=""><br clear="none" class="" style=""></div> </div> </div> </div></div> </div></div></div></div></body></html>