[openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled

Salz, Rich via RT rt at openssl.org
Tue Aug 11 12:06:41 UTC 2015


> Yes. But skimping on security features is not a good way to deal with
> software/firmware bloat. And again, attacks on this layer are increasing in
> quantity and sophistication. The current protection mechanisms appear
> insufficient. Draw your own conclusions.

But this isn't a general-purpose library.  It is a boot system embedded into firmware.  If the system needs to be updated to address new security concerns, that part of OpenSSL that is also embedded will be updated with the rest of the system.  It makes no sense, to me, to add things that aren't being used by this one application.   The library and application are tied together.


