Hello Niels,
Niels Möller nisse@lysator.liu.se writes:
I'm thinking about Nettle releases. I think it would be nice to get out a maintenance 3.10 release before summer vacations. (current NEWS file at https://git.lysator.liu.se/nettle/nettle/-/blob/master/NEWS is fairly accurate).
That would be awesome.
After that, there are two different directions:
- Try to clean up some of the API issues. This will break the API (and like for previous changes, it could make sense to add foo-compat.h include files that support the old API, to make it easy to upgrade an application to work with the new nettle version, while incrementally adjusting to the new API). It may also break ABI and imply an soname change, or we could keep old symbols working for the case of old applications linking to new libnettle.so (but not the other way round, as documented at https://www.lysator.liu.se/~nisse/nettle/nettle.html#Compatibility). If we go this way, that would be a Nettle-4.0, and it would make sense to me to try to get that done without many new features, and without making it a huge long-term project.
I have a bit of concern, if an application links to nettle, but also bundles some parts of it to support lower nettle versions, that would make it difficult to import the code[1] as it would require pulling in dependent files.
That said, none of the issues marked as "API change" on the issue tracker looks too disruptive to me (maybe #2 and #5 are): https://git.lysator.liu.se/nettle/nettle/-/issues/?label_name%5B%5D=API%20ch...
Do you have anything else in mind?
- Focus on getting post-quantum algorithms into Nettle.
From the GnuTLS perspective, it would be helpful if there is support for at least one post-quantum KEM algorithm so it could make the TLS handshake provide quantum safety and forward secrecy (with PSK). Signature algorithms could be done later.
Regards,
Footnotes: [1] https://gitlab.com/gnutls/gnutls/-/blob/master/devel/import-from-nettle.sh