| To: | "R. Steve McKown" <rsmckown,AT,yahoo,DOT,com>, "James Yonan" <jim,AT,yonan,DOT,net> |
| Subject: | Re: About Peter Gutmann's critique of CIPE |
| From: | "James Yonan" <jim,AT,yonan,DOT,net> |
| Date: | Fri, 26 Sep 2003 18:32:23 -0000 |
| Cc: | <cipe-l,AT,inka,DOT,de> |
| In-reply-to: | <200309260836.25166.rsmckown@yahoo.com> |
| References: | <E1A2bsS-00033q-00@bigred.inka.de> <twig.1064545056.17652@yonan.net>, <twig.1064545056.17652@yonan.net> |
"R. Steve McKown" <rsmckown,AT,yahoo,DOT,com> said:

> On Thursday 25 September 2003 08:57 pm, James Yonan wrote:
> > OpenVPN is a user-space VPN that is relatively lightweight, simple-to-use,
> > runs on 7 different OSes including Windows, and uses a high-security crypto
> > model that so far has stood up well to analysis (even PG couldn't find much
> > bad to say about it).
>
> Thanks for the great summary of OpenVPN!
>
> > [snip]
> >
> > Today, many of the functions that CIPE is trying to do, both at the crypto
> > level and at the networking level, can be done quite well by external,
> > independently developed libraries and drivers. IMHO, to avail itself of
> > these resources would make CIPE a stronger, more lightweight solution.
>
> In our case, the relative weight of the solution has to include all
> dependencies, since the code of external dependencies has to be maintained by
> someone (and is subject to defects, etc), stored on the system (small flash
> memory space), updated with every security release (more code = more defects)
> and executed by the CPU. While I see the significant advantages of
> leveraging external libraries, considering "weight" at a systemic level I
> would expect CIPE to be significantly heavier if it used the OpenSSL
> libraries. For us, that seems to be a negative. I'd appreciate your
> thoughts on these comments.

Yes, OpenSSL makes a relatively large addition to executable size if you
statically link in all of the SSL/TLS capabilities.

OpenSSL can also be linked in as a shared library on either Windows or *nix.

On Windows, the DLL sizes are:

    sh-2.04$ ls -l | grep dll
    -rwxr-xr-x 1 jim Administ 1178769 Aug 13 07:52 libeay32.dll
    -rwxr-xr-x 1 jim Administ 254171 Aug 13 07:52 libssl32.dll

(You typically need both DLLs if you want to use SSL/TLS functions).

On Linux, nearly every distribution that I'm aware of ships OpenSSL as a
shared library, so it doesn't directly add to executable size, though it does
increase the virtual memory footprint of the app.

James