[openssl-dev] Kerberos

Viktor Dukhovni openssl-users at dukhovni.org
Sat May 9 19:47:48 UTC 2015


On Sat, May 09, 2015 at 11:45:07AM -0700, John Denker wrote:

> > Misuse of the older Kerberos code in OpenSSL with SSL is not as
> > secure as one might think.
> 
> That's not proof -- that's not even evidence that it
> is necessary to remove the code.  More specifically,
> it is an awfully high-handed way to inform the users
> what we think is "best" for them.

Nobody owes you such a proof.

> Also it would be good to communicate exactly what is
> being deprecated.  All of Kerberos?  Some particular
> combination of Kerberos+SSL?

OpenSSL cannot deprecate "all of Kerberos".  Applications that use
Kerberos can continue to do so whether the OpenSSL developers love
it or hate it.  OpenSSL developers can (and should) drop functionality
that depends on Kerberos from the OpenSSL library.  Specifically,
we're proposing to drop support for RFC 2712 TLS Kerberos ciphersuites.

I don't know why you're so adamant when you clearly don't know
what's under discussion.  It is best to stop the sub-thread here.

-- 
	Viktor.

