Google Forks OpenSSL, Announces BoringSSL

An anonymous reader writes Two months after OpenBSD's LibReSSL was announced, Adam Langley introduces Google's own fork of OpenSSL, called BoringSSL. "[As] Android, Chrome and other products have started to need some subset of these [OpenSSL] patches, things have grown very complex. The effort involved in keeping all these patches (and there are more than 70 at the moment) straight across multiple code bases is getting to be too much. So we're switching models to one where we import changes from OpenSSL rather than rebasing on top of them. The result of that will start to appear in the Chromium repository soon and, over time, we hope to use it in Android and internally too." First reactions are generally positive. Theo de Raadt comments, "Choice is good!!."

Yaaaay!

Just what I needed this Saturday, the announcement of yet another implementation of SSL by people I do not to trust

oh joy, oh rapture, etc. etc. etc.

Re:Yaaaay!

[TheGratefulNet]

right. google IS the premier spy company. they want ALL your data.

and so, we are supposed to trust google on things about SECURITY and where user TRUST is involved?

scuze me??

Re:Yaaaay!

[grub]

Google SSL... Now with a side channel for ads.

Re:Yaaaay!

[Megane]

Yes. Because they don't want anyone else to have that data that they have gone to such effort to collect.

Or at least not without paying for it.

Re:Yaaaay!

Well, that's a great reason. Now, go eat more crumbs, capitalist pig.

Re:Yaaaay!

[Opportunist]

I prefer to eat capitalists.

Re:Yaaaay!

Whom can you trust, really?

Re:Yaaaay!

[danomac]

What do you do about the aftertaste afterwards?

Re:Yaaaay!

[armanox]

Vodka, comrade

Re:Yaaaay!

[swillden]

Yes. Because they don't want anyone else to have that data that they have gone to such effort to collect.

Or at least not without paying for it.

FYI, Google does not sell user data.

Re:Yaaaay!

Yes, they take payments to exploit your data on behalf of third parties.

Re:Yaaaay!

[Zeek40]

You expect to be billed for it. With interest.

Re:Yaaaay!

[martin-boundary]

If they end up having a monopoly on the information, they can just sell it to others after they've collected it. So end effect is, lots of people have your data, but Google gets to profit from it TWICE. Way to go, knucklehead. Once the fox is allowed into the henhouse, it's game over. The only winning move is to kill the fox.

Re:Yaaaay!

[spectrumlogic]

Isn't is about time we acknowledge the corporate cleansing ritual of open source participation also contributes to the gentrification of peer communities...and it might be a bit more complex than simply an unintended consequence? The traditional conflict set between open source and corporate collaboratives persist with the possible driver that open source is now broadly recognized as an effective competitive method. As a more or less direct result, monetized communities like OpenSSL will be presented with trade-offs...similar to those discussed in this thread...from their new overlords. Unfortunately, acceptance of such trade-offs may also be viewed as a function of timing whose eventual destination can be plotted against mission imperatives whose purpose is to re-introduce the persistent conflict set from a position of power...presumably with a different outcome. The bottom line is that it is unlikely gentrified open source projects will be easy to differentiate from thier corporate counterparts...with the exception that the peer community takes much of the risk out of development projects...which non-coincidentally support proprietary products.

Re:Yaaaay!

[Opportunist]

Who said I'll pay?

Re:Yaaaay!

[Zeek40]

The debtor's prisons that we've started running. Because we've reverted a medieval mentality.

Re:Yaaaay!

[Opportunist]

Considering how that eventually ended, I'd start watching over my neck if I was part of the modern aristocracy.

It might be missing suddenly.

Choice is good

[manu0601]

Choice is good, but I am not sure whether mess is good too. How much time before the OpenSSL forks get incompatibles API?

Re:Choice is good

[neoform]

I'd assume once a clear winner is chosen as to which is better...

I don't see the open source SSL library 'market' being the next browser war where incompatibility makes one product win over another...

Re:Choice is good

[Noah+Haders]

problem is if one solution is good for everybody but google implements boringssl in all their services and products, then everybody will be using boringssl regardless.

Re:Choice is good

That doesn't matter in the least. SSL is SSL. BoringSSL can talk to OpenSSL can talk to LibreSSL can talk to PolarSSL can talk to CyaSSL can talk to GnuTLS can talk to NSS. There will not be "browser wars" here, because it doesn't matter if their APIs are compatible. They all speak SSL on the other end. You use whichever one you like, with whichever API fits your application, and it will speak SSL.

Re:Choice is good

problem is if one solution is good for everybody but google implements boringssl in all their services and products, then everybody will be using boringssl regardless.

Why? Unless you have no idea how the SSL protocol works you would know that which versions or vendors are used is irrelevant.

How will they address the attitude problem?

A huge part of the problem with OpenSSL is the attitude that anyone but the "Anointed Few" are discouraged from getting involved with security research or the development of cryptographic software.

I know we're all familiar with the common saying, "Never roll your own crypto!" It's this attitude that drives good people away from even just analysing existing crypto code. Nobody wants to feel the unrelenting wrath of the security community toward outsiders, especially if you happen to find a flaw with something they created.

How will Google avoid this aspect of the problem? Fixing the software bugs are one thing, but the bugs within the community itself are probably far harder to fix.

Re:How will they address the attitude problem?

[colfer]

Maybe by assigning people to the project who have not chosen security as a career field. On the Mozilla commits I used to follow, the personalities in the security arena were a different kettle of fish from the other developers. They had to maintain FIPS compliance, so were conservative about changes, but it was more than that. Not to mention, there's a possibility of workers with ulterior motives. All the more reason to develop a wider community than just self-selected specialists.

The billion dollar companies can afford it, and should have a long time ago.

Re:How will they address the attitude problem?

. They had to maintain FIPS compliance, so were conservative about changes

IIRC OpenSSL also had to maintain FIPS compliance, it was one of the excuses used to claim why the very limited manpower wasn't used to improve actual security.

Re:How will they address the attitude problem?

Don be ridiculous. Nobody is preventing you from reading the source code of FOSS crypto libraries. If you somehow manage to find a flaw and explain how it is a flaw (it isn't always obvious), there won't be an "unrelenting wrath of the security community toward outsiders" against you.

If you want to use libraries written by amateurs that is your problem. That makes as much sense as getting a random person to fix a complex problem in your car because you think mechanics are hostile toward people who have no idea what they're babbling about.

People love to rant on how OpenSSL failed with heartbleed, how all communities they're not part of are evil. But when the time comes to do the work, for free (go look how many millions OpenSSL doesn't make), it's only those with an "attitude problem" who get things done.
Here's an idea: create your own crypto library and run it with your own rules. You can even fork an existing project.

Re:How will they address the attitude problem?

I understand why people sometimes think that security people are overly pedantic, and how that can slow down the development, but the ideal goal in security is to attain 100% bugfree code. The security people can't do everything by themselves, but as soon as a choice is made which fails to take security into consideration then the security will suffer, and to fix it you have to stop the development until the changes have been reviewed. Such pauses are not possible in projects with other focus areas than security, which means that the product becomes more and more insecure.

What the security people do then, because they are not allowed to make a secure product, is to at least make sure that the FIPS compliance is maintained. It's not the same as making the product secure, but it's a simple enough thing to quote when you are forced to ask people to be more careful with what they commit to the codebase. And then, eventually, their joy of creating a beautiful secure system which helps millions of people is lost, and they become bitter...

This is why I like LibreSSL. They will be allowed to focus on the security, and the joy that brings will also motivate them to do a good job. Once it is completed, it will be the only viable crypto library.

Re:How will they address the attitude problem?

[Hognoxious]

How will Google avoid this aspect of the problem?

By putting such a horrible UI on it that nobody uses it. And then dropping it in about 6 months.

Choice is NOT ALWAYS good

In many cases, having one "standard" that everyone follows, and therefore everyone can communicate with is much better than "choice" of which vendor to be locked into or which web engines are worth programming for. Compare email (you can choose your provider, but regardless, you can email anyone) vs. social networking (if you choose Facebook and your friend is the one person on Google+, you're out of luck)

In this case, I don't see too much wrong with the fork, but I don't trust Google, and I'm afraid that if enough websites use "BoringSLL" (what the hell kind of name is that btw?) Google will do something evil involving advertising or selling your data.

Re:Choice is NOT ALWAYS good

[colfer]

BoringSSL is a great name and directly addresses what got OpenSSL into trouble most recently, implementing a new protocol parameter based on a student's idea for a degree thesis. Innovation for innovation's sake, that was. Hurriedly applied for some reason.

And it's not something a website would "use," if you mean a high level protocol akin to "https." It's a library to implement common standards.

Re:Choice is NOT ALWAYS good

[NotInHere]

Compare email (you can choose your provider, but regardless, you can email anyone) vs. social networking (if you choose Facebook and your friend is the one person on Google+, you're out of luck)

That's one of the reasons why I have email, jabber, and sms (and webrtc), but no social network.

Re: Choice is NOT ALWAYS good

[aojensen]

If I recall correctly, OpenSocial tried to solve exactly that problem?

Re: Choice is NOT ALWAYS good

[aojensen]

If I recall correctly, OpenSocial tried to solve exactly that problem? http://opensocial.org/

Re:Choice is NOT ALWAYS good

Google will do something evil involving advertising

Oh advertising! How evil! Advertising is what supports most web sites and services, it doesn't all come for free so would you rather it all be behind paywalls?

or selling your data.

Data ultimately gets shared, trying to keep it secret and control distribution of it is as pointless as fighting piracy with DRM. If you don't want data shared then don't disseminate it to anybody. Copyrights and Privacy rights are not the shackles you wish them to be, they are simply guidelines for co-operative society to follow, enforced where possible.

Google now backs libressl?

In some ways the announcement makes sense in technical terms, yet still doesn't seem entirely straight. The core infrastructure initiative has for various reasons ended up supporting OpenSSL, and this might be Google's way of saying that libressl is the way to go.

Re:What a name!

[ArcadeMan]

I was about to write a witty reply to your comment, however the result would not have been interesting, tedious to read, dull, monotonous, repetitive, unrelieved, unvaried, unimaginative, uneventful, characterless, featureless, colorless, lifeless, insipid, uninteresting, unexciting, uninspiring, unstimulating, uninvolving, unreadable, unwatchable, jejune, flat, bland, dry, stale, tired, banal, lackluster, stodgy, vapid, monochrome, dreary, humdrum, mundane, mind-numbing, wearisome, tiring, tiresome, irksome, trying, frustrating, informaldeadly, ho-hum, dullsville, dull as dishwater, plain-vanilla and as boring as a one-man play.

Worrysome

[Virtucon]

Google forking OpenSSL into their own brand of NSA friendly, privacy snooping SSL. Why not just help the OpenSSL folks strengthen an already great product and assist in regression testing and validation as well? No grow your own and fragment the community you say?

Re:Worrysome

[drinkypoo]

Diversity is good, especially if they wind up diverging and actually being diverse. Not all implementations wind up being vulnerable to the same attacks, except when there are weaknesses inherent to the protocol. Even then a diverse... crap, I can't think of a non-buzzword to use here, landscape, ecosystem, argh. Sorry. Anyway, where was I? More variants means more approaches are likely to be attempted to solving the same problem, hopefully the best one wins and we get the best approach out of several options instead of whatever the single vendor comes up with.

Re:Worrysome

[Virtucon]

I understand that but in the case of it being Google who has a tendency not to make their technology, like Android, forkable. It's a one way street with them and I wouldn't trust any security implementation blessed by them. If it were Red Hat or even Microsoft I'd trust it more.

Re:Worrysome

[drinkypoo]

It's a one way street with them and I wouldn't trust any security implementation blessed by them

Good! That should limit uptake, and encourage still more alternatives.

Re:Worrysome

[Fnord666]

Diversity is good, especially if they wind up diverging and actually being diverse. Not all implementations wind up being vulnerable to the same attacks, except when there are weaknesses inherent to the protocol.

Just be sure that as a developer you write an abstraction layer between the application and the library so that when the interfaces diverge too much you have a single class to rewrite. Diversity in implementations is a good thing. Diversity in the interfaces can be a pain in the butt.

Re:Worrysome

[NotBorg]

Why not just help the OpenSSL folks strengthen an already great product

Citation needed.

Re:Worrysome

[drinkypoo]

There are two kinds of people in this world.

Oh no! We need more kinds of people!

Re:Worrysome

If only we didnt have so much fragmentation between people...

Re:Worrysome

Heil Hitler!

Re:Worrysome

[strikethree]

OpenSSL is the swiss army knife of encryption technologies.

It can encrypt data with whatever cipher floats your boat. It can do hashing with whatever algorithm floats your boat. It can do SSL negotiations, it can examine, manipulate, and create X.509 certificates and containers like PKCS etc. Hell, it has all of the tools necessary to build an entire PKI up to and including creating Root Certificate Authorities, managing Certificate Revocation Lists, etc.

There may be vulnerabilities in it, but Oh My God can it do a whole hell of a lot. OpenSSL is up there with the Linux Kernel and GCC for usefulness and importance. As a security guy and as a privacy freak, I have been using OpenSSL code since before it was called OpenSSL. It was SSLeay prior to being OpenSSL.

That is a personal citation, but the facts are irrefutable.

Re:Worrysome

[NotBorg]

Because only positive facts are relevant?

Re: Worrysome

[strikethree]

Because negative facts dominate?

Re: Worrysome

[NotBorg]

Positive: The device won't cut off your hands.
Negative: The device will cut off your head.

Maybe it's not so bad?
Positive: It won't cut off your head.
Negative: It will cut off your hands.

Still no?
Positive: It won't cut off your head, your kids are entertained and happy because...
Negative: For about 20% of uses shocks the shit outta you.

Still not enough? Ok
Positive: This device is great, doesn't chop off your head or hands and it doesn't shock you.
Negative: After about 3 months of heavy usage a small bit of plastic will break rendering the device inoperable. However it's easy to fix and you're a do-it-yourself guy. $1 at a local hardware store and it's good as new and will last you for many years to come.

Perhaps it's best to look at all the facts rather than just the positive ones.

How does this help?

Seems like forking is out of control. If bugs are missed in the most premier open source version of ssl, how does forking solve this issue? It's not like the reason heart bleed happened was because of some strange stone walling by openssl. I would rather have some RFC compliant standard version of SSL instead of SSL behaving more like web browser javascript and html compat.

Of course I won't be surprised by all the Google fanboys jumping all over this. Google is probably worse than Microsoft, but people think Google is the evil you can trust.

Re:How does this help?

[bmajik]

Bugs weren't missed in mainline openSSL. Bugs were logged, sat around for years, and didn't get fixed.

The project management and software engineering practices for openSSL were/are simply not acceptable.

The code is salvageable. The people and processes that allowed the code to get that way are not.

"This code under new management"

Re:How does this help?

[owlstead]

So where is the heartbleed bug report that was ignored?

Re:How does this help?

[jones_supa]

OpenSSL Gets Patch for 4-Year-Old Flaw

That one had a public CVE sitting for 4 years while nobody took the responsibility to fix it.

Re:How does this help?

[Electricity+Likes+Me]

That description isn't very good for the bug: a specially crafted buffer overwrites Alice's data - what? I presume they mean that Bob could takeover Alice's connection, but the description isn't very good.

Moreover, it very much ignores an important issue: just because a bug is spotted, doesn't mean the fix is trivial. In security software the fix might very well open up a different vulnerability.

Debian's SSH flaw was exactly something like this - inappropriately commented weird looking code was removed to "improve" things. And it's exactly that sort of problem which I suspect LibreSSL is going run straight into at some point as well.

Re:What a name!

Hey, I don't like your nickname. Thoughts?

"Can't trust Google cuz they're NSA buds" = silly

[cyrus0101]

Google makes a lot of money on your data. They mine the crap out of your email. Their CEO has said privacy online is silly since if you've done nothing wrong you have nothing to hide. Summed up: they're indifferent to your sense of privacy. But trust Google to protect it's own interests. It wants to control access to this data. They'll be happy to comply with government requests for data, but on their own terms, and not by willfully subverting the security itself and leaving the door wide open. Being the doorkeeper makes them powerful. Being a doormat is not in their interest.

It is hip to be square

[ctime]

For those having a hard time understanding the naming convention,

Boring: Not flashy, not exciting, not experimental, not sexy. Performs as expected.

In other words, exactly how I want my security libraries, my databases, and the other critical infrastructure that runs the planet to be described as. Boring is good. A choice between boring Plain Jane and Simple Sally? Even better. Thank you.

Re:It is hip to be square

[owlstead]

Yes, but that's not what this seems to be about:

We have used a number of patches on top of OpenSSL for many years. Some of them have been accepted into the main OpenSSL repository, but many of them don’t mesh with OpenSSL’s guarantee of API and ABI stability and many of them are a little too experimental.

For something that includes experimental patches, *boring* would be an extremely stupid part of the name.

Re:It is hip to be square

[Opportunist]

And if they called it snoozeSSL, the name doesn't matter. A name is a designation that should enable us to distinguish it from something of a similar kind, preferably it should be unique to avoid confusion. Since human beings are better at keeping names than numbers (usually, I'm not), we tend to label things with names.

The point is, though, that this name means jack. Whether it is called BoringSSL or SuperspecialawesomeSSL doesn't matter. It is a name. Nothing else. Everything else is just the usual name calling bullshit along the lines of sunshine units and differently abled.

What remains is that it is done by the company whose core business is data collection and selling it to the highest bidder.

Re:It is hip to be square

[Jiro]

And if they called it snoozeSSL, the name doesn't matter. A name is a designation that should enable us to distinguish it from something of a similar kind...

The point is, though, that this name means jack

So *you're* the guy who named GIMP..

Names actually do matter. Think of a name as a type of user interface, and a bad name as an ugly user interface.

For that matter, think of a name as a way to deal with people, and a poorly named project as showing geekish lack of social skills. Saying "please" serves no function other than making people feel better. It doesn't mean anything more than the name. But that still means a lot, because we're human beings, and doing things with no technological effect is part of how we deal with other human beings.

Re:It is hip to be square

[tepples]

Think of a name as a type of user interface, and a bad name as an ugly user interface.

So how would you redesign this aspect of the user interface of, say, the GNU Image Manipulation Program?

Re:It is hip to be square

[discord5]

So how would you redesign this aspect of the user interface of, say, the GNU Image Manipulation Program?

Please, let's not mention Gimp and UI in the same sentence unless you're looking for an internet fight.

Re:It is hip to be square

You have to have one giant window which everything is stuck inside, and buttons you hold down to get other buttons. Adobe is the pinnacle of UI achievement.

There are serious problems with GIMP professionally (CMYK, HDR, etc etc). The UI and name (just call it the GNU Image Manipulation Program if you don't like the acronym) are not.

Re:It is hip to be square

[lannocc]

GIMP's UI is OK, but it really requires a hardware graphics tablet to be used properly.

Re:It is hip to be square

[LookIntoTheFuture]

Gimp wars! I've gone back in time!

Re:It is hip to be square

[Electricity+Likes+Me]

GNU Image Editor (GIE)

GNU Raster Editing And Touchup (GREAT)

GNU Image Manipulator (GIM)

The last one is the one I'd go with. Simple and straight forward - drop the P, and you lose the weird sexual double entendre while gaining a nice verbage: "that image is a bit big. take it to the gim" "run it through the gim" etc.

OSS seriously needs to be mindful of these things. There's some remote desk manager called "gigolo". Bravo to whoever named that - I can absolutely never install it on my kid's computers.

Re:It is hip to be square

GNU Image Retouching and Editing ( GIRE )
GNU Image Retouching Lab ( GIRL )
GNU Adaptable Image Tool ( GAIT )
GNU Users' Foto FudgER ( GUFFER ) - Ah, I should have quit while I was ahead.

Re:It is hip to be square

Most Free Software projects don't need to care about marketshare. If anything, giving the project a not so politically correct name keeps problematic users away.

Do people dislike the name because of cripples or guys in leather clothes?

Re:It is hip to be square

This. When will (some) programmers learn that humans have an API too, and that they're using it wrong?

Re:It is hip to be square

The latter.

Re:It is hip to be square

Did no one everything of naming it gImage? Google is the ultimate of simple one word descriptive names. Google Mail, Apps, Sheets, Docs, Search, Maps, Translate, etc. This really isn't that hard. (Ok, they lose points for Google+ and possibly Google Android and definitely Google Wave)

Re:It is hip to be square

I tend to sympathise with the (some) programmers on this issue. When I was young, long before I became a programmer or even became aware of computers, there was a bully in my class, and I learned to associate his name with bad things. Until, a bit older and at another school, I had a classmate with the same name who was a wonderful guy. I realised that names are just labels that don't carry any meaning when I still was a kid. I have a hard time understanding how people can grow up without noticing this.

But people do. In the Netherlands a supermarket chain had, with the world championsip soccer coming, a fashion designer named Roy Donders design an orange suit which customers could get through some marketing action. In one bible belt (we have one) town some customers objected, because they consider the name Donders to be diabolical. The word 'donders' is sometimes used as a mild expletive, and the people concerned see it as a eufemism for a swear word, and therefore as bad as the swear word itself. The name Donders, according to a website that explains names, derives from 'dark haired lord' or 'shining lord'. So there are people who seriously think that a name that happens to be a homonym of a eufemism of a swear word is diabolical. They seem to think that words are magical formulas. I think we shouldn't take that human API into acount, other than by trying to talk some common sense into them.

And there isn't one human API, there are many. You seem to think humans have an API that some programmers don't understand. But those programmers are humans too, with a different API. Humans often don't notice the variety in APIs, they often seem to assume everybody implicitly understands them. I have witnessed many conversations between people where it was obvious to me that they were talking about completely different things, and it kept and keeps amazing me how often they clearly don't notice this rather fundamental property of their conversation. It's amazing how poor many people are at communicating with each other.

My partner has Asperger's, and since we became friends and lovers I have started to suspect I have some autistic traits myself. My friend and I understand each other extremely well, both of us feel we finally met a normal human. Autists are often described as being bad at understanding other people. But those 'normal' or neurotypical people are just as bad at understanding autists, as well as other people who aren't sufficiently similar to them.

There are many, many different human APIs. Don't put the blame and responsibility for not understanding other APIs with one group. And please explain to people who really think that a name like 'gimp' actually gives useful information about a program, if you encounter them, that words are labels for meanings, not the meanings themselves, and that names are labels for people and products, not statements about how they act or work. Naming a program 'gimp' may have been childish or whatever you think of it, but it doesn't say anything useful about the program itself. It's no reason to avoid or use the program, it's just a label without meaning.

Re:What a name!

they call it BoringSSL because it contains a backdoor tunneling protocol.

Not a general use library

They're forking it, but not like LibReSSL (I like that capital R - it makes a hell of a difference). Their library isn't actually meant to be used outside of their pet projects as far as I understand. If you're not Google, you're still expected to use vanilla OpenSSL, or LibReSSL when it becomes stable. I also get this feeling that when LibReSSL becomes stable BoringSSL might go away, and its stopgap role come to an end.

Re:Not a general use library

The capital R just unprofessionally makes it look like leetspeak.

Re:Not a general use library

[Kremmy]

That's a reading comprehension issue on the user end.

Re:What a name!

[swillden]

First reactions are generally positive. Theo de Raadt comments, "Choice is good!!."

The name "BoringSSL."

I am finding extreme difficulty in liking this name choice. What was Google thinking? Am I alone?

It's not "What was Google thinking?", it's "What was Adam Langley thinking?". As for what he was thinking, it's pretty simple: Fundamental security components like SSL/TLS should be very, very boring. They're not a place for innovation and experimentation, they're not a place for clever code that demonstrates the author's virtuosity (assuming there is any such place, outside of Obfuscated C contests). They're not a place for exploration of how the C preprocessor can be used to automatically generate much of the codebase (which is something that OpenSSL has done). They're where you want very simple, straightforward, boring implementations of industry best practice algorithms and protocols.

When it comes to security, boring is good.

As Langley said in his blog post, the name is aspirational. But it is his goal, to produce a security library which is completely boring. And it's a good thing.

fork in 3.. 2..

EnnuyeuxSSL

boring

verb

make (a hole) in something, esp. with a revolving tool.

Certify it

[sinij]

Without FIPS certification system engineers won't be able to include BoringSSL in US-government facing applications, since doing so will disqualify them from procurement lists. Since US gov't is largest consumer of cryptographic products in the North American market, BoringSSL must certify or stay irrelevant.

Re:Certify it

[rubycodez]

wrong. FIPS certifcation has just been proven to be meaningless, and in fact the reason openssl was such dung. Most FIPS certfied systems have multiple known vulnerabilities now.

Instead, those with a brain will chose the superior alternative being developed, and those in government will have to follow leadership and make a better standard.

Re:Certify it

I'm so glad they had *you* to tell them.

Or maybe they'll just build a good crypto library which will be used all over the world where actual security matters more than some braindead certification.

Re:Certify it

The point is not whether FIPS-certified cryptographic systems are, or are not, any good. The point is that if you don't have a FIPS-cerified cryptographic system, forget about selling anything to US government agencies.

Re:Certify it

[swillden]

Without FIPS certification system engineers won't be able to include BoringSSL in US-government facing applications, since doing so will disqualify them from procurement lists. Since US gov't is largest consumer of cryptographic products in the North American market, BoringSSL must certify or stay irrelevant.

Right, because Google is irrelevant.

Re:Certify it

And if you do have a FIPS-certified cryptographic system, thanks to the NSA's shenanigans, the rest of the world now views it with disdain and suspicion, so forget about selling anything to anyone who ISN'T a US government agency.

They can make their own damn crypto, or follow the lead of independent cryptographers leading independent research. Appeasing governments is off the menu.

Re:Certify it

The point is not whether FIPS-certified cryptographic systems are, or are not, any good. The point is that if you don't have a FIPS-cerified cryptographic system, forget about selling anything to US government agencies.

Abstract the cryptographic operations and have two implementations of it, FIPS-certified OpenSSL or whatever and the library that's actually secure. US government can use the FIPS-certified thing while everyone else goes with the more secure version. I doubt there is rule that forbids that (in the case you cannot ship non-FIPS-certified cryptographic libraries, just remove the binary for the other library from software shipped to US government)

Re:Certify it

[bill_mcgonigle]

US gov't is largest consumer of cryptographic products in the North American market

This doesn't make any sense. There are more Android phones than government employees, for instance (and thank goodness).

Vis-a-vis LibreSSL - screw FIPS, Dual EC DRBG, and weak NSA coefficients - let the feds use OpenSSL if they want to.

Re:Certify it

[Electricity+Likes+Me]

Without FIPS certification system engineers won't be able to include BoringSSL in US-government facing applications, since doing so will disqualify them from procurement lists. Since US gov't is largest consumer of cryptographic products in the North American market, BoringSSL must certify or stay irrelevant.

Right, because Google is irrelevant.

It will be if it can't sell products to the US government.

Re:Certify it

[swillden]

Without FIPS certification system engineers won't be able to include BoringSSL in US-government facing applications, since doing so will disqualify them from procurement lists. Since US gov't is largest consumer of cryptographic products in the North American market, BoringSSL must certify or stay irrelevant.

Right, because Google is irrelevant.

It will be if it can't sell products to the US government.

What products does Google sell to the US government? And, in general, it's not like the government is the only customer in the world.

Re:Certify it

What products does Google sell to the US government?

You.

Re:Certify it

I don't understand why you would think that compliance with some US government standard is so important. Google and the rest of the large technology companies don't make any significant money from the federal government. Google activates more Android handsets in a couple of days than there are employees in US government.

The only thing that matters is the security of the library.

Re:Certify it

wrong. FIPS certifcation has just been proven to be meaningless

Meaningless technically perhaps, but not from a compliance standpoint.

Instead, those with a brain will chose the superior alternative being developed

Not in the real world where its "less risky" to go with a stable release with a few known defects. You also assume "those with a brain" are in charge.

those in government will have to follow leadership and make a better standard

In 10 years. Until then check the checkbox for FIPs compliance.

Sorry for being cynical in this response, but you apparently have NEVER worked with a company or government agency with bureaucracy. P.S. Are you hiring?

Re:Certify it

Government & ad revenue ?

Re:Certify it

[swillden]

What products does Google sell to the US government?

You.

A) That's not true. Do you have a citation?

B) Even if it were, it wouldn't be relevant to this thread, in which the claim is that not making BoringSSL FIPS-compliant will somehow make it irrelevant because it would impact Google's ability to sell products to the government. If Google did sell information to the government, the lack of FIPS certification on BoringSSL clearly wouldn't be an obstacle.

Re:What a name!

All I say is OUCH!

Look at your own code

Look at the code you wrote yourself 10-20 years ago.

The simple boring code you still understand and still can compile and use today.

Now look at the code where you put in every trick in the book and then some. Can you understand? Does it compile today? Does it even have a useful function to use today? Is it bug free after all this time?

Unless you did a good job documenting it I am betting there is a no to one of those questions.

Re:What a name!

[Qzukk]

To put it bluntly, heartbleed was exciting and in security, exciting is bad.

Re:"Can't trust Google cuz they're NSA buds" = sil

[sasparillascott]

Actually this isn't silly. Intel has compromised CPU instruction set due to NSA influence (whether that was via a secret order or just because they bend over when asked is unknown). Just look at what this Google engineer said:

https://plus.google.com/+Theod...

So given the option of getting a back door inserted in the SSL protocol used by a huge chunk of the world - the NSA will try to corrupt it.

If served with a secret order, from a secret court on the desire of the NSA for "national security" reasons with orders to, of course keep it secret, Google would have no choice but to comply. The fact that it'll be open source would allow for the possibility of it getting caught (but only the possibility), and I doubt that would keep the NSA from trying to corrupt all 3 SSL protocols as they are being reworked currently. JMHO...

Re:What a name!

Your usage of informaldeadly is informaliffy, informalshady and informaldodgy, in my humble opinion.

BorenSSL

[bAdministrator]

Its name was, in fact, Boren.

Re:BorenSSL

Why not SnowdenSSL ?

Why have one attack footprint...

...when you can have two.

Re:What a name!

At first I thought it was an April Fool's Day joke.

Re:"Can't trust Google cuz they're NSA buds" = sil

[cbhacking]

There's no guarantee that Intel was actually compromised, though they would have been an obvious target. More likely that effort was aimed at dedicated hardware RNGs, which have been a thing since well before RDRAND, but the final point of the post (about not trusting RNGs you can't audit) has obvious merit.

Also, while I think I know what you mean, "all 3 SSL protocols" makes no sense. There are currently four SSL/TLS protocols in use (SSL3, TLS1, TLS1.1, TLS1.2) plus a deprecated one (SSL2, which is broken; SSL1 was never published AFAIK). If you meant SSL implementations, there are at least seven: the three OpenSSL-derived ones (OpenSSL, LibReSSL, BoringSSL), BouncyCastle (which is technically two implementations, Java and C#, but they are supposed to be equivalent), GnuTLS, Mozilla's one (may be client-only?), Apple's one (I think does both client and server but could be wrong), and Microsoft's SChannel (client and server).

Re:What a name!

[marcello_dl]

> they call it BoringSSL because it contains a backdoor tunneling protocol.

In fact, I was thinking: "Boring, my ass", but I didn't know exactly why.

Cannot Wait

[ChadSmith4920]

For SameOldSSL and SSLYourWAY

Re:What a name!

[AchilleTalon]

NSA decided to follow Google's path and annouced a fork of OpenSSL, they will call the new fork SuckingSSL. First reactions are generally positive.

Re:What a name!

May you live in interesting times is a curse for a good reason.

Re:"Can't trust Google cuz they're NSA buds" = sil

[hattable]

They'll be happy to comply with government requests for data, but on their own terms, and not by willfully subverting the security itself and leaving the door wide open.

I think people forget that regular ol' poor programming may leave things open--incompetence over malice.

Re: What a name!

[Terrasque]

You mean FreedomSSL?

And response from security people have either been very positive or they weren't available for comment right now.

because Google doesn't need two major limitations

[raymorris]

> Why not just help the OpenSSL folks strengthen an already great product and assist in regression testing and validation as well?

OpenSSL can't do alot of things they'd like to do because it would break binary compatibility with the old ABI. There are also a number of improvements that would change the API. OpenSSL has committed to sticking with not only the old API, but the old ABI, so you an old program can use the new openssl without even recompiling.

Google isn't restricted by those two things because they recompile Android daily or weekly anyway. Therefore, there's no reason they wouldn't make improvements that change the binary interface. They'd be forgoing significant improvements just for the sake of us the same bad abi that someone designed many years ago, which has no benefit in their products.

They can still send over improvements that they devfolks In some cases, it will be up to the OpenSSL folks to decide if they want to contort the new improvements to fit in the legacy ABI or API.

Re:What a name!

[ChunderDownunder]

jejune, must remember that one...

largest doesn't mean the majority

[raymorris]

"Largest consumer" means they buy more than ANYONE else, not more than EVERYONE else.

Does the world's largest man account for over half the weight of all humans? No, he's bigger than any other man, not bigger than all other men put together. A lot of people buy Android phones. Can you name a consumer who buys more than the US government.

compatibility, so you don't rewrite all applicatio

[raymorris]

LibreSSL maintains API and ABI compatibility with OpenSSL, so you can upgrade your encryption without rewriting all of your applications. That's one reason that people in general use LibreSSL rather than something completely different. Also, it's on its way to becoming the most thoroughly audited SSL/TLS library in the world.

Google doesn't mind recompiling their software, so they need only API compatibility, not ABI compatibility.

It needs to go the "XWindows path"

[sgt+scrub]

I think OpenSSL should be broken up into pieces that work together so different parts can be worked on separately. Needless to say I think the OpenBSD group has the better, more achievable for open source, path for the future of the library. I'm not a hater of all things Google; but, I don't think "in-house" code is a good choice for the GNU parts of Linux/BSDs

Certify it

[sgt+scrub]

On the flip side of that, anything with BoringSSL will not be restricted from exporting outside of the U.S. /snark

Re:What a name!

they call it BoringSSL because it contains a backdoor tunneling protocol.

The first vulnerability should be called "crocodile tears".

Re:because Google doesn't need two major limitatio

[Virtucon]

Good points but a lot of speculation on Google's intentions. I think it'll be like everything else they've done for open source. Embrace, Extend and then Emprision (sic) much like "we don't like Java so we'll make our own" It's the Bender philosophy. Sure OpenSSL may have an older API/ABI however what's the driving factor for something new? There's just no way I can trust Google after the NSA revelations and their incessant tracking crap. First it was Facebook and all their damn trackers now Google Metrics, Google Analytics on almost every fucking webpage out there. Sorry do no evil is no longer valid at Google and I look at any attempt at embracing or forking and already existent open source project as suspicious and motivated by some shit that'll eventually get me condom ads.

Yup - ExcitingSSL is NOT what you want

[billstewart]

No surprise.

Re:What a name!

[Prof.Phreak]

Yes, it's hard to get excited about BoringSSL.

Wayne Boring

[tverbeek]

I thought that BoringSSL was named in honor of classic Superman artist Wayne Boring.

not speculation, see TFA

[raymorris]

It's not speculation at all, I pretty much quoted the discussion that led to the fork. I just added a very brief explanation of the terms ABI and API.

> and I look at any attempt at embracing or forking

It appears that you refused to look at it at all, preferring to apply your preconceived conclusion without bothering to take 60 to read what is happening and why.

Re:not speculation, see TFA

[Virtucon]

I did read that, don't assume. Also don't assume anything Google does is for the benefit of anybody except Google. Google is a business and it still amazes me that people believe, with a straight face, that they won't shaft over everybody if corporate conscious comes between them and a buck.

Re:"Can't trust Google cuz they're NSA buds" = sil

[cyrus0101]

I'm not suggesting Google is impervious to coercion, only that the have an incentive to maintain as secure a platform as they are able. They are no more vulnerable to corruption than OpenSSL was (though it could even be argued that their political and economic clout makes them less vulnerable; but I wouldn't get behind that position).