[openssl-dev] Fwd: Re: [openssl-users] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback

[Peter Waltenberg]

> This is an interesting idea. For completeness, it has failed in other
contexts

Well yes but it's a different context. Policy level rather than capability,
That's why I'm not in favour of removing algorithms, even changing policy
higher up the stack can cause problems, but removing basic capabilities
tends to have even unwanted side effects. I obviously have a personal
interest in this, in my case it's because I work for a company that does
provide insane support lifetimes for products.

For libcrypto itself the attack surface is near zero, it doesn't open
sockets, connect to networks, accept input. It's simply a toolbox and
there's always something else between libcrypto and an attack, if SSL
doesn't want to use MD5, well don't use MD5 but there are other users of
the toolbox. As an analogy throwing out all those 3/8th spanners just
because you've officially gone metric doesn't always work that well in
practice either.

Peter


                                                                                    
                                                                                    
                                                                                    
 Phone: 61-7-5552-4016                                             L11 & L7 Seabank 
 E-mail: pwalten at au1.ibm.com                                    Southport, QLD 4215 
                                                                          Australia 
                                                                                    






From:	Jeffrey Walton <noloader at gmail.com>
To:	OpenSSL Developer ML <openssl-dev at openssl.org>
Date:	17/11/2015 20:23
Subject:	Re: [openssl-dev] Fwd: Re: [openssl-users] Removing obsolete
            crypto from OpenSSL 1.1 - seeking feedback
Sent by:	"openssl-dev" <openssl-dev-bounces at openssl.org>





On Mon, Nov 16, 2015 at 9:06 PM, Peter Waltenberg <pwalten at au1.ibm.com>
wrote:
  Why not offer another set of get_XYZ_byname() which resticts the caller
  to socially acceptable algorithms. Or allows the opposite, it really
  doesn't matter but restricted being the newer API breaks less code by
  default.


This is an interesting idea. For completeness, it has failed in other
contexts. For example, the IETF's TLS Working Group refuses to provide such
an abstraction. See, for example,
https://www.ietf.org/mail-archive/web/tls/current/msg17611.html.
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev






-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20151118/bbeb53f6/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20151118/bbeb53f6/attachment.gif>