Re: [Firebird-devel] RFC: Adding a cryptographic library for use in firebird

[Mark O'D. <mar...@gm...>]

Hi Nickolay!

firstly, good the hear from you!

That sounds fairly impressive, I am sorry I wasn't aware you had all
that, thats my fault of course, i didn't check the latest conference
notes or the red database site!  But I have had a quick look at the
presentation you made at the conference, and downloaded the source.  I
certainly do not want to be re-inventing the wheel, and I am sure we
can workout some way of merging our working, although yours is
currently a lot more comprehensive.  Now presumably you did intend for
those red database changes to go into fb3, or were they  scheduled for
inclusion in fb2.5?

Btw, I am very interested in looking at what you have done for the
enhanced client logon authentication.

Cheers - Mark


On Tue, Nov 25, 2008 at 1:43 PM, Nikolay Samofatov
<nik...@re...> wrote:
> It is generally illegal to use uncertified crypto code (e.g. DES, RSA,
> AES) in Russia. So it would be good not to include crypto libraries into
> Firebird directly.

I must admit I like things to come as standard, not to have to load a
bunch of extra plugins, plugins always causes trouble, dependencies
and version compatibility etc, and for bug reporting, so SSL doesnt
work in fbX.Y then you know exactly what bunch of code to blame, and
you dont have to clarify mixes and versions of software.  , Also you
don't have all the trouble of bending functionality to squeeze it
through a "standard" compatible with the previous version plugin
interface etc etc etc.

But having said that, plugins do have a place.  However, for a crypto
library because in time so much depends on it, I think it would be
good to have an included implementation, with the ability to plugin a
different one for special circumstances, such as Nickolay's, where for
them AES is still considered uncertified for use.


Cheers - Mark

BTW, I cant seem to access http:://www.wincrypt.com it seems to not
return anything,
is that the best site for wincrypt?