IMHO, that's a good call. If a 'broken' algorithm gets in, it tends to stay there for a very long time.
DES_OLD, SHA0 are examples already in the OpenSSL code base.
Something else that could easily be killed now.
Pete
[email protected] wrote: -----
To: "[email protected]" <[email protected]>
From: "Salz, Rich"
Sent by: [email protected]
Date: 06/04/2014 02:31AM
Subject: RE: patch for make depend, chacha
From: "Salz, Rich"
Sent by: [email protected]
Date: 06/04/2014 02:31AM
Subject: RE: patch for make depend, chacha
> Is there somebody working on it to get Chacha/Poly cipher suites production ready?
It's expected that the way the ciphers are used will change as it goes through the IETF TLS group. Therefore, Google has not been encouraging folks to pick up and use these patches other than an "on your own" basis until after the they're done. (They == IETF and GOOG I suppose:)
/r$
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: [email protected]; Twitter: RichSalz
:I"Ϯrm (Z+7zZ)1x hW^^%
&jם.+-1ځj:+vh
It's expected that the way the ciphers are used will change as it goes through the IETF TLS group. Therefore, Google has not been encouraging folks to pick up and use these patches other than an "on your own" basis until after the they're done. (They == IETF and GOOG I suppose:)
/r$
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: [email protected]; Twitter: RichSalz
:I"Ϯrm (Z+7zZ)1x hW^^%
&jם.+-1ځj:+vh
