[19996] in cryptography@c2.net mail archive
Re: GnuTLS (libgrypt really) and Postfix
daemon@ATHENA.MIT.EDU (Daniel Carosone)
Thu Feb 16 09:55:05 2006
X-Original-To: cryptography@metzdowd.com
Date: Thu, 16 Feb 2006 13:14:59 +1100
From: Daniel Carosone <dan@geek.com.au>
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
Cc: Werner Koch <wk@gnupg.org>,
"James A. Donald" <jamesd@echeque.com>,
Dave Korn <davek_throwaway@hotmail.com>, cryptography@metzdowd.com
Mail-Followup-To: "Steven M. Bellovin" <smb@cs.columbia.edu>,
Werner Koch <wk@gnupg.org>, "James A. Donald" <jamesd@echeque.com>,
Dave Korn <davek_throwaway@hotmail.com>, cryptography@metzdowd.com
In-Reply-To: <20060214212635.ED4BE3C028E@berkshire.machshav.com>
On Tue, Feb 14, 2006 at 04:26:35PM -0500, Steven M. Bellovin wrote:
> In message <87bqx9zm0h.fsf@wheatstone.g10code.de>, Werner Koch writes:
> >I agree. However the case at hand is a bit different. I can't
> >imagine how any application or upper layer will be able to recover
> >from that error (ENOENT when opening /dev/random). Okay, the special
> >file might just be missing and a mknod would fix that ;-). Is it the
> >duty of an application to fix an incomplete installation - how long
> >shall this be taken - this is not the Unix philosophy.
>
> It can take context-specific error recovery. Maybe that's greying out
> the "encrypt" button on a large GUI. Maybe it's paging the system
> administrator. It can run 'mknod' inside the appropriate chroot
> partition, much as /sbin/init on some systems creates /dev/console. It
> can symlink /dev/geigercounter to /dev/random. It can load the kernel
> module that implements /dev/random. It can do a lot of things that may
> be more appropriate than exiting.
Or an even simpler example: maybe it will still be a fatal error, but
there's some important state outside the library being called that it
should clean up before exiting so abruptly.
Somehow, applications that are consumers of crypto libraries seem like
likely candidates for this sort of thing.
--
Dan.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
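The design point argued in this message and in the quoted reply, as an added C sketch that is not code from the thread, from libgcrypt or from GnuTLS: a library routine reports a missing random device to its caller instead of exiting, so the application can release state it holds even when the error stays fatal. The names `lib_get_random` and `app_make_key` and the lock file are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical library call: fill buf from the device node at path.
 * Returns 0 on success or a negative errno value. It never exits. */
int lib_get_random(const char *path, unsigned char *buf, size_t len)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -errno;                  /* e.g. -ENOENT: node is missing */
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0) { got += (size_t)n; continue; }
        if (n < 0 && errno == EINTR) continue;
        int err = (n == 0) ? EIO : errno;   /* EOF from an RNG is an error */
        close(fd);
        return -err;
    }
    close(fd);
    return 0;
}

/* Hypothetical application: it holds state outside the library (a lock
 * file) that must be released whether or not the library call succeeds. */
int app_make_key(const char *rng_path, const char *lock_path,
                 unsigned char key[32])
{
    int lock = open(lock_path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (lock < 0)
        return -errno;
    int rc = lib_get_random(rng_path, key, 32);
    if (rc != 0) {
        memset(key, 0, 32);             /* leave no partial key material */
        fprintf(stderr, "rng %s: %s\n", rng_path, strerror(-rc));
    }
    close(lock);
    unlink(lock_path);                  /* cleanup runs on both paths */
    return rc;                          /* caller decides: retry, page, exit */
}
```

Had `lib_get_random` called `exit()` on the failed `open`, the lock file would be left behind and the caller would have no chance to choose any other recovery.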