[openssl-dev] [openssl.org #4017] [PATCH] Implement Camellia GCM suites (RFC 6367)
Hubert Kario via RT
rt at openssl.org
Mon Aug 24 20:32:50 UTC 2015
On Monday 24 August 2015 19:25:24 Hanno Böck wrote:
> On Sat, 22 Aug 2015 10:21:42 +0000
>
> Alessandro Ghedini via RT <rt at openssl.org> wrote:
> > Which adds support for Camellia GCM and adds the correspondent TLS
> > cipher suites. Most of the code comes from the AES GCM
> > implementation, so maybe there's an opportunity for some refactoring
> > there.
>
> May I ask one question: Why?
because it's the only standardised, widely audited and recommended alternative
to AES, having a different cryptographic construction (Feistel network) that
has been studied even longer is also a good thing
> After all the whole
> heartbleed story can largely be explained by that. I'd propose that
> OpenSSL doesn't add any new features without a clear explanation what
> advantage they bring in which situation - and who is likely going to
> use that feature.
bugs happen, refusing to accept patches just because they can have bugs is
short sighted at best
or can I expect you to express the exact same concerns when ChaCha20 patches
will be proposed?
--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150824/fcf8cde9/attachment.sig>
More information about the openssl-dev
mailing list