On 24/01/15 20:34, Coyo wrote:
> I have three separate questions, and I apologize in advance for posting
> to multiple newsgroups and mailservs.
>
> But I was taught two things by some very smart individuals:
>
> 1) The only dumb question is an unasked one, and
> 2) When dealing with serious cryptography, do not guess, ask an actual
> cryptographer.
>
> So I have a few separate but related questions:
>
> Is it possible to use OpenPGP in DANE? What do I need to do this?
>
> Can I redirect applications that rely specifically on OpenSSL to use NSS
> or GnuTLS instead somehow?
You need to recompile them with support for NSS or GnuTLS, this may
require some coding on your part as not all applications have the code
written so that they can support all the different libraries.
You can of course recompile your applications to use LibreSSL instead of
OpenSSL, this will not require any code change, but needs the
application to be compiled against LibreSSL or else you will have some
really nasty vulnerabilities.
> Are calls to OpenSSL standardized in some way? Could a simple symlink work?
No, a symlink will not work, as they do not have the same function
names/arguments. LibreSSL could replace OpenSSL, but because of some
differences between them, this would cause some vulnerabilities which do
not exist in LibreSSL nor OpenSSL, but because of compiling an application
against one of them and then using the other.
> DANE is a fascinating system, and some applications I am interested in
> optionally use DANE to verify the authenticity of certificates/keys. Is
> it possible to use DANE locally to indirectly use GnuTLS or NSS as
> backend cryptographic libraries?
Can't tell that as I haven't used it, just download the source code and
see if there is support for alternatives for OpenSSL.
> Does PowerDNS or any of the common DANE-supporting nameservers
> explicitly support cryptographic libraries other than OpenSSL? I made
> several attempts to divine this knowledge, and was unsuccessful. Perhaps
> my Google-fu is not enough.
Same as for DANE.
--
//Aho
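
Added example, not part of the original message: before recompiling anything, it helps to see which TLS library family a binary is dynamically linked against, which can be read from `ldd` output. The sample output below is constructed, and the family labels in `FAMILIES` are names chosen for this example.

```python
import re

# Shared-object base names mapped to the library family that ships them.
# OpenSSL and LibreSSL both install libssl/libcrypto, so the name alone cannot
# tell them apart. NSS's TLS library is libssl3.so, which is not libssl.so.3.
FAMILIES = {
    "libssl": "openssl-api",
    "libcrypto": "openssl-api",
    "libgnutls": "gnutls",
    "libnss3": "nss",
    "libssl3": "nss",
    "libsmime3": "nss",
    "libnssutil3": "nss",
}

# One ldd line: "<soname> => <path> (0x...)" or "<soname> => not found".
LDD_LINE = re.compile(r"^\s*(?P<soname>\S+)\s+=>\s+(?P<target>not found|\S+)")


def tls_backends(ldd_output):
    """Return {family: [(soname, resolved_path_or_None), ...]}."""
    found = {}
    for line in ldd_output.splitlines():
        m = LDD_LINE.match(line)
        if not m:
            continue  # vdso and loader lines carry no "=>"
        soname = m.group("soname")
        base = soname.split(".so", 1)[0]  # "libssl.so.1.0.0" -> "libssl"
        family = FAMILIES.get(base)
        if family is None:
            continue
        target = m.group("target")
        path = None if target == "not found" else target
        found.setdefault(family, []).append((soname, path))
    return found


# Constructed sample of `ldd /path/to/app` output (not from a real system).
SAMPLE = (
    "\tlinux-vdso.so.1 (0x00007ffc1a5f2000)\n"
    "\tlibssl.so.1.0.0 => /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f3a1c000000)\n"
    "\tlibcrypto.so.1.0.0 => not found\n"
    "\tlibssl3.so => /usr/lib/x86_64-linux-gnu/libssl3.so (0x00007f3a1b800000)\n"
    "\tlibc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f3a1b400000)\n"
)

if __name__ == "__main__":
    for family, libs in tls_backends(SAMPLE).items():
        print(family, libs)
```

A `None` path means the loader could not resolve that soname. Only dynamically linked libraries show up this way; a statically linked TLS library will not appear in `ldd` output.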