[openssl-project] [openssl-dev] Blog post; changing in email, crypto policy, etc

Salz, Rich rsalz at akamai.com
Mon Jan 22 14:18:09 UTC 2018

Oh heck, we’re gonna get wrapped around the axle of wording again…

>    This is confusing. For starters it's mixing up two completely different
    things. It's one thing to make availability of *legacy* crypto (or
    protocol) an option, it's another thing to *introduce* insecure options.

Disagree.  That’s just an implementation detail.  From the end-user’s perspective, weakness is weakness no matter where or how it comes from.
> Now, does
    wording mean that omc is actually open to suggestions to *introduce*
    insecure options?
That wasn’t the intent.  It could happen.

More information about the openssl-project mailing list