[openssl-dev] [openssl.org #4017] [PATCH] Implement Camellia GCM suites (RFC 6367)
Hanno Boeck via RT
rt at openssl.org
Tue Aug 25 06:59:01 UTC 2015
On Mon, 24 Aug 2015 22:32:24 +0200
Hubert Kario <hkario at redhat.com> wrote:
> > After all the whole
> > heartbleed story can largely be explained by that. I'd propose that
> > OpenSSL doesn't add any new features without a clear explanation
> > what advantage they bring in which situation - and who is likely
> > going to use that feature.
>
> bugs happen, refusing to accept patches just because they can have
> bugs is short sighted at best
>
> or can I expect you to express the exact same concerns when ChaCha20
> patches will be proposed?
I think the situation with chacha20 is very different. Its advantages
seem convincing enough that some major players responsible for a
large part of internet connections are already using it.
I see nothing alike with camellia.
If you can give me a convincing argument who would use camellia and for
what I may reconsider my opinion. "It's standardized" doesn't mean
anyone actually uses or wants to use it. Right now I only see people
deprecating it.
I think the thing that bite with heartbleed was: A very obscure
feature, nobody used it, nobody cared for it, so nobody looked at it.
Camellia looks very similar, I doubt it will gain any significant use
even if openssl supported camellia-gcm modes.
--
Hanno Böck
http://hboeck.de/
mail/jabber: hanno at hboeck.de
GPG: BBB51E42
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150825/b992ea00/attachment.sig>
More information about the openssl-dev
mailing list