[openssl-project] [openssl-dev] Blog post; changing in email, crypto policy, etc
openssl-users at dukhovni.org
Mon Jan 22 16:50:50 UTC 2018
> On Jan 22, 2018, at 7:48 AM, Andy Polyakov <appro at openssl.org> wrote:
> For above
> reason, no new insecure option should be *introduced*.
I think I'm with Andy on this one. We should aim to not introduce
new weakened crypto. I hope we are not moved by "market forces"
to add support for dubious algorithms that interoperate with some
sort of standard for constrained devices. Can't rule out that
possibility, but it would have to be one that the "industry" as
a whole accepts (not just OpenSSL, but all major TLS implementations
decide to support some such algorithm). Presumably it would not
simply an opaque weak mode of a strong algorithm, but a distinct
algorithm known to be weaker by all sides.
More information about the openssl-project