[openssl-dev] Circumstances cause CBC often to be preferred over GCM modes

[Salz, Rich]

> Subtracting (in local configuration) algorithms from a keyword denoting all
> known-strong algorithms is hand-tuning, but not fragile hand-tuning.

Three years ago RC4 was known-strong.  Two years ago DES-CBC was known-strong.  Now we only have AES-GCM. At what point do we think ChaCha/Poly is known-strong, and who gets to make that call?  Dan?  Adam? 

Who said "these are known-strong" and when did they say it, and are they still correct? And where and how does a system admin find those things out.