
To: "R. Steve McKown" <rsmckown,AT,yahoo,DOT,com>, "James Yonan" <jim,AT,yonan,DOT,net>
Subject: Re: About Peter Gutmann's critique of CIPE
From: "James Yonan" <jim,AT,yonan,DOT,net>
Date: Fri, 26 Sep 2003 18:32:23 -0000
Cc: <cipe-l,AT,inka,DOT,de>
In-reply-to: <200309260836.25166.rsmckown@yahoo.com>
References: <E1A2bsS-00033q-00@bigred.inka.de> <twig.1064545056.17652@yonan.net>, <twig.1064545056.17652@yonan.net>

"R. Steve McKown" <rsmckown,AT,yahoo,DOT,com> said:

> On Thursday 25 September 2003 08:57 pm, James Yonan wrote:
> > OpenVPN is a user-space VPN that is relatively lightweight, simple-to-use,
> > runs on 7 different OSes including Windows, and uses a high-security crypto
> > model that so far has stood up well to analysis (even PG couldn't find much
> > bad to say about it).
> 
> Thanks for the great summary of OpenVPN!
> 
> > [snip]
> >
> > Today, many of the functions that CIPE is trying to do, both at the crypto
> > level and at the networking level, can be done quite well by external,
> > independently developed libraries and drivers.  IMHO, to avail itself of
> > these resources would make CIPE a stronger, more lightweight solution.
> 
> In our case, the relative weight of the solution has to include all
> dependencies, since the code of external dependencies has to be maintained by
> someone (and is subject to defects, etc), stored on the system (small flash
> memory space), updated with every security release (more code = more defects)
> and executed by the CPU.  While I see the significant advantages of
> leveraging external libraries, considering "weight" at a systemic level I
> would expect CIPE to be significantly heavier if it used the OpenSSL
> libraries.  For us, that seems to be a negative.  I'd appreciate your
> thoughts on these comments.

Yes, OpenSSL makes a relatively large addition to executable size if you
statically link in all of the SSL/TLS capabilities.

OpenSSL can also be linked in as a shared library on either Windows or *nix. 
On Windows, the DLL sizes are:

sh-2.04$ ls -l | grep dll
-rwxr-xr-x    1 jim      Administ  1178769 Aug 13 07:52 libeay32.dll
-rwxr-xr-x    1 jim      Administ   254171 Aug 13 07:52 libssl32.dll

(You typically need both DLLs if you want to use SSL/TLS functions).

On Linux, nearly every distribution that I'm aware of ships OpenSSL as a
shared library, so it doesn't directly add to executable size, though it does
increase the virtual memory footprint of the app.

James

