[LEDE-DEV] Uniform cryptography library

Matthias-Christian Ott ott at mirix.org
Tue Dec 12 09:48:36 PST 2017


On 2017-12-12 01:12, Moritz Warning wrote:
> On 12/11/2017 07:10 PM, Matthias-Christian Ott wrote:
> [..]
>> Do you think it would be worth the effort to unify the cryptography
>> libraries in LEDE?
> 
> This sounds like a huge task.

It is and needs a conscious commitment and decision of the project. So I
thought it is best to discuss it on the mailing list.

> Maybe you can extend a program so it supports a different crypto library that is also used in the LEDE/OpenWRT ecosystem.

That is the idea. LEDE would have a policy like, “If it is not
impossible, packages need to use TLS library A and cryptography library
B.” Package maintainers would adapt the package to these libraries. Then
they would try to contribute the modifications to the upstream
maintainer in the hope that the upstream maintainer would take over the
maintenance of the modifications; otherwise, the package maintainer
would have to maintain the modifications for LEDE.

> That would sound like a good start to reduce library baggage.

It certainly would be. The question is whether it is worth the effort.
We would gain some additional security and reduce the image size and
main memory requirements. Both memory sizes are increasing and so
perhaps it won't be a problem anymore before we have finished the effort. I
think we also have some other areas where we could improve security more
effectively. So I'm not sure whether it is worth the effort and
therefore put the idea up for discussion. I do like the idea though that
a distribution is a larger integration effort than just compiling some
software and instead has a more ambitious conception of the overall system.

Matthias-Christian


