[openssl-dev] [openssl.org #4017] [PATCH] Implement Camellia GCM suites (RFC 6367)
Hanno Boeck via RT
rt at openssl.org
Mon Aug 24 17:30:34 UTC 2015
On Sat, 22 Aug 2015 10:21:42 +0000
Alessandro Ghedini via RT <rt at openssl.org> wrote:
> Which adds support for Camellia GCM and adds the correspondent TLS
> cipher suites. Most of the code comes from the AES GCM
> implementation, so maybe there's an opportunity for some refactoring
> there.
May I ask one question: Why?
>From what I observed others are moving away from camellia [1]. So why
should openssl add more camellia support?
>From what I'm aware camellia is a block cipher like aes, and there is
no serious problem with AES. Does camellia offer any significant
advantage in any situation that would justify increasing support?
I think a large problem of TLS in general and OpenSSL in particular is
feature bloat. In the past features got added not because there was a
clear need for them, but "because we can". After all the whole
heartbleed story can largely be explained by that. I'd propose that
OpenSSL doesn't add any new features without a clear explanation what
advantage they bring in which situation - and who is likely going to
use that feature.
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1036765
--
Hanno Böck
http://hboeck.de/
mail/jabber: hanno at hboeck.de
GPG: BBB51E42
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150824/899f3096/attachment.sig>
More information about the openssl-dev
mailing list