"R. Steve McKown" <rsmckown,AT,yahoo,DOT,com>, "James Yonan" <jim,AT,yonan,DOT,net>|
Re: About Peter Gutmann's critique of CIPE|
"James Yonan" <jim,AT,yonan,DOT,net>|
Fri, 26 Sep 2003 18:32:23 -0000|
"R. Steve McKown" <rsmckown,AT,yahoo,DOT,com> said:
> On Thursday 25 September 2003 08:57 pm, James Yonan wrote:
> > OpenVPN is a user-space VPN that is relatively lightweight, simple-to-use,
> > runs on 7 different OSes including Windows, and uses a high-security crypto
> > model that so far has stood up well to analysis (even PG couldn't find much
> > bad to say about it).
> Thanks for the great summary of OpenVPN!
> > [snip]
> > Today, many of the functions that CIPE is trying to do, both at the crypto
> > level and at the networking level, can be done quite well by external,
> > independently developed libraries and drivers. IMHO, to avail itself of
> > these resources would make CIPE a stronger, more lightweight solution.
> In our case, the relative weight of the solution has to include all
> dependencies, since the code of external dependencies has to be maintained by
> someone (and is subject to defects, etc), stored on the system (small flash
> memory space), updated with every security release (more code = more
> and executed by the CPU. While I see the significant advantages of
> leveraging external libraries, considering "weight" at a systemic level I
> would expect CIPE to be significantly heavier if it used the OpenSSL
> libraries. For us, that seems to be a negative. I'd appreciate your
> thoughts on these comments.
Yes, OpenSSL makes a relatively large addition to executable size if you
statically link in all of the SSL/TLS capabilities.

OpenSSL can also be linked in as a shared library on either Windows or *nix.
On Windows, the DLL sizes are:

sh-2.04$ ls -l | grep dll
-rwxr-xr-x 1 jim Administ 1178769 Aug 13 07:52 libeay32.dll
-rwxr-xr-x 1 jim Administ 254171 Aug 13 07:52 libssl32.dll

(You typically need both DLLs if you want to use SSL/TLS functions).

On Linux, nearly every distribution that I'm aware of ships OpenSSL as a
shared library, so it doesn't directly add to executable size, though it does
increase the virtual memory footprint of the app.