[openssl-project] [openssl-dev] Blog post; changing in email, crypto policy, etc

Andy Polyakov appro at openssl.org
Mon Jan 22 15:34:23 UTC 2018


> Oh heck, we’re gonna get wrapped around the axle of wording again…

??? Humans communicate with words. If we are to agree on something,
words are *all* we have to use. And wordings have meanings too...

>>    This is confusing. For starters it's mixing up two completely different
>>    things. It's one thing to make availability of *legacy* crypto (or
>>    protocol) an option, it's another thing to *introduce* insecure options.
> 
> Disagree.  That’s just an implementation detail.  From the end-user’s perspective, weakness is weakness no matter where or how it comes from.

Let me rephrase. "It's another thing to *purposefully* introduce options
known to be insecure by the time of introduction." [I had actually written
"known to be insecure by time" in the original draft, but later thought that
it's implied by the word "introduce".] Well, arguably there is ambiguity in
the use of the word "option". Is it a config-time switch, or code it controls? I
obviously refer to code.

>>    Now, does
>>    wording mean that omc is actually open to suggestions to *introduce*
>>    insecure options?
>   
> That wasn’t the intent.  It could happen.

I'm sorry [for taking the risk to irritate you even more with
"irrelevant wording" stuff], but what does *this* mean? "That wasn't the
intent. [But] it [,insecure options,] could happen [anyway]."? This
would mean an affirmative answer to the question. Is this it? Or was it
"That wasn't the intent. It [wording] just happened."?

