[openssl-project] [openssl-dev] Blog post; changing in email, crypto policy, etc
rsalz at akamai.com
Mon Jan 22 16:25:25 UTC 2018
➢ ??? Humans communicate with words. If we are to agree on something,
words is *all* we have to use. And wordings have meanings too...
➢ Let me rephrase. "It's another thing to *purposefully* introduce options
known to be insecure by the time of introduction."
Yes run-time and compile-time is something to keep in mind.
We do not plan to introduce any insecure options that are enabled by default. Option refers to compile-time and build-time both. But I’ve been in this field for a long time, and I don’t think we can guarantee that it will not happen. For example, the extra-entropy extension, the DualEC DRBG, etc.
More information about the openssl-project