[openssl-project] Policy update
rsalz at akamai.com
Wed Jan 3 19:57:21 UTC 2018
I am less concerned about adding datatypes than I am about adding algorithms and protocols. It is hard for a user to make themselves less secure by configuring a datatype.
Do you have substantive issues with the decisions? I agree the wording can be improved.
There is an action item (assigned to me, anyone should feel free to pick it up) to turn the policy declarations into a strawman mission statement.
On 12/22/17, 9:29 AM, "Kurt Roeckx" <kurt at roeckx.be> wrote:
During our face 2 face meeting last week we talked about the
direction we want to move in, and the policy we'll use to get
there. This are the current proposals:
- Insecure configuration options shall not be enabled by default;
they must be enabled by a compile-time switch. This applies to all
new contributions and existing code should be addressed at the
next major (1.2.0) release.
- All new algorithms must be disableable at compile-time. With the
exception of known not-to-work when disabled RSA SHA1 MD5 AES,
existing code should be addressed at the next major (1.2.0)
release. (PR’s to fix those welcome).
- All algorithms and protocols should be recognized by a national or
international standards body. This applies to all new
contributions and existing code should be addressed at the next
major (1.2.0) release.
- The EVP interface should be the primary interface for calling
crypto operations. All new contributions should only export this
API and existing code should be addressed at the next major
(1.2.0) release, and might include a compatibility layer.
I think at least the wording could be improved. For instance, it
says "All [new] algorithms and protocols must be disableable". I
assume it means cryptographic algorithms, like AES, SHA2, HMAC, ...
Does something like CMS and X509 fall under that? It doesn't sound
like an algorithm to me, and protocol also doesn't seem like the
correct word. The same goes for the "All algorithms and protocols
should be [standardised]".
On a related topic, I think there has been a suggestion that we
should work on not exposing such compile time options in the
public headers but that applications should do runtime detection
of the available features instead.
openssl-project mailing list
openssl-project at openssl.org
More information about the openssl-project