[openssl-dev] [openssl-users] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Thu Nov 19 17:18:41 UTC 2015


>> I did not say “no maintenance costs”. I said that I concur that the
>> maintenance costs for such code would be minimal, which usually it is.
>> 
>> I’m against “disabling by default”. Removing access to such code from libssl
>> is OK, and the correct thing to do from the security point of view. Removing
>> from libcrypto is bad, and enough people here explained why well enough to
>> avoid repeating the reasons.
> 
> Yes, but several people (including me) disagree with you.

I know.

> And one of the options that has been suggested is to keep the code but have it
> disabled by default.

I know. And I expressed my (negative) opinion of this option, which is
better than completely wiping the code, but not by very much – as you
correctly pointed out. Still, at least this way the user wouldn’t have to chase
down the source files of an old algorithm.

