[19977] in cryptography@c2.net mail archive
Re: GnuTLS (libgrypt really) and Postfix
daemon@ATHENA.MIT.EDU (Victor Duchovni)
Tue Feb 14 13:16:23 2006
X-Original-To: cryptography@metzdowd.com
Date: Tue, 14 Feb 2006 12:47:42 -0500
From: Victor Duchovni <Victor.Duchovni@MorganStanley.com>
To: cryptography@metzdowd.com
Mail-Followup-To: cryptography@metzdowd.com
In-Reply-To: <43F14417.1000307@echeque.com>
On Tue, Feb 14, 2006 at 12:44:39PM +1000, James A. Donald wrote:
> Absent exception handling, mission critical tasks should have no
> exceptions, which is best accomplished by the die-on-error standard.
>
Absent good library design, the developer's goals are best accomplished
with the roll-your-own standard.

If the authors of libgcrypt instead of saying "sorry, we know, it is a
difficult problem, we are working on it", instead become defensive and
erect false dichotomies to defend the developer from his own folly, I
can add libgcrypt to my list of tools to avoid when building large systems.

As I said before, Postfix does not use GnuTLS directly, rather it is
sometimes a victim of libgcrypt design via GnuTLS imbedded in the system
LDAP library.

The current libgcrypt is IMHO not suitable for linking into LDAP libraries,
database client-server communication libraries, SMTP servers...

As for Postfix, it does entropy gathering out-of-process (in the tlsmgr(8)
daemon). The SMTP server and client daemons get entropy indirectly from
tlsmgr(8) to seed their internal PRNG. Postfix uses OpenSSL, and error
conditions in OpenSSL are recoverable (Postfix can and will return 454 in
response to STARTTLS, fatal errors are not appropriate in this context).

Postfix makes use of error reporting hooks in MySQL, PgSQL, SASL, OpenSSL,
(non-GnuTLS) OpenLDAP... none of these have been reported to abruptly
terminate the calling process instead of reporting errors to the caller.

--
Victor Duchovni
IT Security, Morgan Stanley

ASCII ribbon campaign against HTML mail.

NOTICE: If received in error, please destroy and notify sender. Sender
does not waive confidentiality or privilege, and use is prohibited.
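
The behaviour described in the message above (a library failure reported to the caller, which answers STARTTLS with 454 and keeps the session alive), as an added example that is not part of the original message and is not Postfix, OpenSSL or libgcrypt code. The names tls_engine_start, tls_strerror and smtp_handle and the 32-byte entropy threshold are hypothetical; the reply texts follow RFC 3207.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes; not a real libgcrypt or OpenSSL API. */
enum tls_status { TLS_OK = 0, TLS_ERR_NO_ENTROPY };

/* Constructed stand-in for a crypto library call. It reports failure to
 * the caller instead of calling abort() or exit() inside the library. */
static enum tls_status tls_engine_start(int entropy_bytes)
{
    return entropy_bytes < 32 ? TLS_ERR_NO_ENTROPY : TLS_OK;
}

static const char *tls_strerror(enum tls_status st)
{
    return st == TLS_ERR_NO_ENTROPY ? "PRNG not seeded" : "success";
}

/* Handle one SMTP command. Writes the reply into `reply` and returns 1 if
 * the session continues, 0 if it ends. A TLS failure is a per-session,
 * temporary condition: log it, answer 454, keep serving. */
int smtp_handle(const char *cmd, int entropy_bytes, char *reply, size_t len)
{
    if (strcmp(cmd, "STARTTLS") == 0) {
        enum tls_status st = tls_engine_start(entropy_bytes);
        if (st != TLS_OK) {
            fprintf(stderr, "warning: TLS unavailable: %s\n", tls_strerror(st));
            snprintf(reply, len, "454 TLS not available due to temporary reason");
            return 1;               /* the daemon and the session survive */
        }
        snprintf(reply, len, "220 Ready to start TLS");
        return 1;
    }
    if (strcmp(cmd, "QUIT") == 0) {
        snprintf(reply, len, "221 Bye");
        return 0;
    }
    snprintf(reply, len, "250 Ok");  /* every other command: simplified */
    return 1;
}

int main(void)
{
    /* Constructed session: the entropy source is empty (0 bytes). */
    const char *cmds[] = { "STARTTLS", "MAIL FROM:<a@example.com>", "QUIT" };
    char reply[128];
    for (size_t i = 0; i < sizeof cmds / sizeof cmds[0]; i++) {
        int alive = smtp_handle(cmds[i], 0, reply, sizeof reply);
        printf("C: %s\nS: %s\n", cmds[i], reply);
        if (!alive) break;
    }
    return 0;
}
```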