by icefo 2162 days ago
This made me think of BoringSSL and LibreSSL again.

Looking it up on Wikipedia, it seems that LibreSSL is focused on OpenBSD and removed lots of legacy code. BoringSSL (Google) got renamed to Tink but I couldn't find much more.

It's sad to see that duplication of effort but it's also the force of open source


OpenSSL recently changed licenses to Apache 2.0, which is unacceptable in some of the BSDs, which made the LibreSSL fork more valuable from a licensing perspective for them.

Tink isn't really a rename, but an API wrapper to prevent misuse that happens to use BoringSSL internally.

BoringSSL is still alive, Tink is something completely separate.
Google Tink is an encryption library providing a high level API for common cryptography problems, such as authenticated encryption with associated data (AEAD). In a similar vein to libsodium, it's designed to not let you shoot yourself.

OpenSSL and its forks expose the primitives directly, but as is the usual advice, don't roll your own crypto and say "We're using RSA 2048" because you copied an example from Stack Overflow without padding.

The paper points to data showing that OpenSSL is still the dominant SSL implementation on the net, so it's the one that matters.
If Windows is the dominant desktop computing platform, is it the only one that matters?
> It's sad to see that duplication of effort but it's also the force of open source

How's that a FOSS thing? Do you think there would be fewer TLS implementations running around if they were proprietary?

IIUC the point was that the ability to fork projects (and then potentially merge back) is one of the strengths of OSS, even if it means some duplicated effort.
The duplicated effort is needed. The OpenSSL mono-culture was one of the reasons Heartbleed, and other OpenSSL security issues, were such huge problems and affected so many.
https://bearssl.org/ is kinda cool too.