Subject: NetBSD and OpenBSD capabilities as of 2004 ?
To: None <tech-crypto@netbsd.org>
From: Chapman Flack <flack@cerias.purdue.edu>
List: tech-crypto
Date: 07/19/2004 00:41:13

I am a newbie to *BSD (though not to UNIX in general) and getting ready
to choose a *BSD for a new box.  I still would like a better understanding
of how Net- and Open- differ in security and crypto support.  From what I
can see by poring over both web sites, the differences seem minimal, but
I have not found a page that actually tries to enumerate differences; I
think that would be helpful.  openbsd.org has two detailed pages,
security.html and crypto.html, that hype a number of features that they
have (but without quite coming out and saying they are exclusive to OpenBSD),
and netbsd.org has a paragraph in Misc/features.html saying "We believe in
security without the hype" and that seems to be true ... both parts.  Yes,
NetBSD seems to have comparable features to most of those hyped by OpenBSD, and yes,
NetBSD seems to have very little interest in hyping them.  I like that
approach but it's a little vague; hype or no hype, the information should be
available to someone who wants to choose a BSD flavor.

I chose tech-crypto for this post because one concrete difference between
the two flavors that OpenBSD hypes heavily is the Canadian export laws
allowing integrated strong crypto in Open-.  But I can see many comparable
crypto features mentioned in the Net- pages.  I would be happy if someone
could give a quick but non-vague summary of any specific points where
NetBSD and OpenBSD differ in crypto functionality as a consequence of the
export regs or anything else.

I searched over all the NetBSD list archives but many of the hits were five
or more years old and I'm sure the comparison has changed significantly since
then.

Also (security related but not exactly crypto, sorry if OT), OpenBSD hypes
some compiler-chain features they use to reorder stack frames and similar
techniques to complicate stack-smashing.  I'm guessing these same features
are available to Net- if it's the same tool chain, but does anyone know
offhand if they are being used as systematically in NetBSD?

So, those are my technical questions; thanks for reading.  I'd suggest that
any reasonably thorough response would make a good reference page on the
NetBSD web site, but for that I'd have to crosspost to -advocacy.

Cheers,
Chapman Flack
flack@cerias.purdue.edu