[OTR-dev] OTRv4 and OpenSSL 1.1.1

Carsten Mattner carstenmattner at gmail.com
Wed Sep 26 07:31:44 EDT 2018



I know libotrng isn't an official cypherpunks project yet, but it's been
discussed here before, and the following topic had been debated as well.
Hence, allow me to bring this up here, and please let me know if I ought
to take the discussion to libotrng's GitHub tickets.

Now that OpenSSL 1.1.1 has been released with quite a few NaCl ciphers, I
think it's worthwhile to ask what the new crypto lib requirements for
OTRv4 would be. It seems to me that OpenSSL 1.1.1 would be sufficient, and
it's very likely that LibreSSL will sync, if they didn't already. Of
course, BoringSSL might or might not include the new ciphers. It's a
different project with different plans.

See https://www.openssl.org/news/openssl-1.1.1-notes.html

It would certainly, as discussed before, and concluded with a respectful
disagreement, be much easier to deploy libotrng if it only depended on a
newer OpenSSL/LibreSSL, instead of gcrypt, sodium, and goldilocks
combined.

If we can achieve that, it would be:

- libc
- glib
- openssl
- libotr (to fall back for protocol v3)

This is more than enough for a cross-platform library that has to be built
and used on macOS, Windows, Linux, *BSD, QNX, Android, iOS, you name it.
We might disagree again, but I find it less error-prone to track fewer
third-party libs when one is, for unfortunate reasons, forced to bundle
said libraries.

