LGPL library using only LGPL-parts of partially GPL shared library (gnutls, nettle)
Nikos Mavrogiannopoulos
nmav at gnutls.org
Mon Feb 21 15:03:14 CET 2011
Hello Werner,
I know... My main issues with libgcrypt are that I
got the impression that it is intended to be used
as a back-end of gnupg and other uses are not
considered or are considered as side-effects...
My main issues were:
* performance... gcrypt is very slow in the software
implementation of AES and SHA-1, comparing to
other libraries and nettle... Moreover it uses its
own gmp that prevents from including all optimizations
added to the original gmp library.
* mandates how the library is going to be used by
using setuid etc... Why shouldn't a setuid application
perform TLS? Indeed there are risks but it should be
the application developer to decide, not us.
* lack of low level functions to perform RSA/DSA/ECC.
* gpg-error... adds a library dependence for something
that is really simple and could be part of libgcrypt
anyway. For non-gnupg applications there is nothing
to be gained by this shared library.
Especially performance is a big issue in gnutls, since e.g. in
mod_gnutls we can have a server performing crypto with nettle
in 50% load, while with libgcrypt the server is on it's capacity
at 100% load. Those issues are better in libnettle. However
there are also things that are very nice to be in libgcrypt such as:
* ECC
* transparent usage of AES instructions in the VIA cpu
* (the same in the intel/amd CPUs now)
* consistent and simple API
It would be very nice to have a single gnu crypto library that
has all the advantages of both of them.
regards,
Nikos
On Mon, Feb 21, 2011 at 2:19 PM, Werner Koch <wk at gnupg.org> wrote:
> On Sun, 20 Feb 2011 16:12, nmav at gnutls.org said:
>
>> [0]. This might be an issue in later releases that support
>> the GCM ciphersuites (in master only) that are not supported
>> by libgcrypt.
>
> Nikos, if you need support for GCM it would be a good idea to request
> such support in libgcrypt.
>
> Actually I am slowly preparing for 1.5 and if there is a need for GCM in
> the near future we should make supre that 1.5 has support for it. We
> can only implement stuff which we know about.
>
>
> Salam-Shalom,
>
> Werner
>
> --
> Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
>
>
More information about the Gnutls-devel
mailing list