On Fri, Jun 25, 1999 at 06:48:49PM +0200, Ulf Möller wrote:
| > I'll assert that deploying DES today is WORSE than deploying no crypto
| > at all, because of the deployed lifetime of a new product, and the
| > associate removal of pressure to deploy an effective cryptosystem.
|
| OpenSSL supports strong crypto. DES support is there only to allow our
| users to talk to crippled American browsers and the like. Those we
| don't deploy.
|
| Besides, as the developers of open source software we can hardly
| exercise pressure on our users.
I don't develop OSS, but I'll suggest that if you require the user to
compile with -DAMAZINGLY_BROKEN_CIPHERS_NSA_LOVES, you cause them to
at least consider this issue, rather than naively assume that all the
non-snake oil, outside the US crypto in OpenSSL is secure.
This is pressuring your users to do the right thing, or at least
consider the issues. Do you think it would substantially hurt your
uptake?
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
