On Sat, Dec 14, 2019 at 08:05:04PM -0500, Dave via Gnupg-users wrote:
I can’t recall encountering any similar complaints about OpenSSL. I find this somewhat curious, and am wondering if there are OpenSSL detractors out there that I simply haven’t come across
OpenSSL definitely has its detractors. They were for example very vocal back in 2014 in the aftermath of the Heartbleed bug.
OpenSSL command structure isn’t as complicated as it seems to me.
For what I have seen, most of the criticisms against OpenSSL are directed at the code and/or the API rather than at the command line tools. This may reflect the fact that OpenSSL is probably more often used as a programming library than as a set of command line tools. That being said I have seen complaints about the command line OpenSSL tools as well.
(I’ve heard a crypto-nerd once telling me that the only way to correctly generate a certificate signing request using OpenSSL’s req command was to type the command while sitting in a demonic circle after having sacrificed at least a dozen of chickens—or two dozens if the CSR is for a ECC certificate.)
I suppose that OpenSSL is geared toward a very technical and security-aware user base, who aren’t likely to complain about usability issues
I am not sure I’d buy that. All the criticisms I have seen against either GnuPG or OpenSSL came from very technical-minded people.
By contrast, in my experience non-technical people showing up at cryptoparties are very much willing to use the software as it is, learning what they need to learn instead of complaining that the software should be simple enough that they shouldn’t have to learn anything.
(Of course those are the people motivated enough to attend a cryptoparty. They may not reflect the larger group of users.)
Cheers, - Damien
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
