[openssl-project] [openssl-dev] Blog post; changing in email, crypto policy, etc
appro at openssl.org
Mon Jan 22 15:34:23 UTC 2018
> Oh heck, we’re gonna get wrapped around the axle of wording again…
??? Humans communicate with words. If we are to agree on something,
words is *all* we have to use. And wordings have meanings too...
>> This is confusing. For starters it's mixing up two completely different
> things. It's one thing to make availability of *legacy* crypto (or
> protocol) an option, it's another thing to *introduce* insecure options.
> Disagree. That’s just an implementation detail. From the end-user’s perspective, weakness is weakness no matter where or how it comes from.
Let me rephrase. "It's another thing to *purposefully* introduce options
known to be insecure by the time of introduction." [I actually written
"known to be insecure by time" in original draft, but later thought that
it's implied by word "introduce".] Well, arguably there is ambiguity in
use of word "option". Is it a config-time switch, or code it controls? I
obviously refer to code.
>> Now, does
> wording mean that omc is actually open to suggestions to *introduce*
> insecure options?
> That wasn’t the intent. It could happen.
I'm sorry [for taking the risk to irritate you even more with
"irrelevant wording" stuff], but what does *this* mean? "That wasn't the
intent. [But] it [,insecure options,] could happen [anyway]."? This
would mean affirmative answer to the question. Is this it? Or was it
"That wasn't the intent. It [wording] just happened."?
More information about the openssl-project