💾 Archived View for rawtext.club › ~sloum › geminilist › 002016.gmi captured on 2020-09-24 at 03:25:45. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2020-09-24)
-=-=-=-=-=-=-
Michael Forney mforney at mforney.org
Thu Jul 2 01:37:36 BST 2020
- - - - - - - - - - - - - - - - - - -
On 2020-07-01, Phil Leblanc <philanc at gmail.com> wrote:
--- BearSSL
- very nice code. An impressive feat for a one-man project (Thomas
Pornin)
- not yet at TLS-1.3. The code looks maintained but I don't know if
it is actively developed. I saw no sign of ed25519 cert signing, but
may be wrong here.
- code size: the whole libbearssl.a is ~ 860KB, basic client and
server examples are in the 150KB range, which is very nice.
Have you looked at the TLS 1.3 page (https://bearssl.org/tls13.html)?It suggests that support for TLS 1.3 is planned, but there are someobstacles with Ed25519 that require more memory usage (buffering thecomplete certificate) and code size increase. I think it is a littleout of date since RSA/PSS is now implemented in BearSSL, but you'reright that there hasn't been much development for TLS 1.3 in a while.I'm hopeful that it will eventually be implemented.
So if Ed25519 is what gemini servers are settling on for theircertificates, then BearSSL is probably not a good option until supportis available. Though, ECDSA uses comparable key/signature sizes and Ibelieve it is fairly widely supported, so I think BearSSL would workquite well for that.
I'm not sure if there are any existing gemini clients using libtls,but if there are, you might be interested inhttps://git.sr.ht/~mcf/libtls-bearssl. You could get a much smallerstatically linked binary by just linking against libtls-bearsslinstead of libtls from LibreSSL.
-Michael