[gnutls-devel] GnuTLS | WIP: RFC7250 Raw public keys (!650)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Mon Sep 17 11:46:16 CEST 2018
Tom commented on a discussion on lib/includes/gnutls/gnutls.h.in:
> unsigned idx,
> gnutls_datum_t * response);
> +/* RAW public key functions (RFC7250) */
> +#ifdef ENABLE_RAWPK
I think the main reason would be to reduce the size of the library yes. Only compile that features that you use. For normal systems a large library is not an issue anymore but for constrained devices it could be. I don't know whether we want to target smaller devices and OSs?
Also, a second reason that I can think of is that if you have a smaller code base you also have a smaller attack surface. Of course we aim at perfect code but you never know for sure where you will have vulnerabilities. You don't have to care about parts of the code that you disable and don't use.
Furthermore, I actually blindly followed the approach that is applied to other parts of the code where functionality and authentication mechanisms are compiled conditionally and can be enabled/disabled via the configure script. I think you have a better point of view of what should be conditional and what not.
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/650#note_101779096
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnutls-devel