IMHO, that's a good call. If a 'broken' algorithm gets in, it tends to stay there for a very long time.
DES_OLD, SHA0 are examples already in the OpenSSL code base.
Something else that could easily be killed now.
Pete
-----owner-openssl-...@openssl.org wrote: -----
To: "openssl-dev@openssl.org" <openssl-dev@openssl.org>
From: "Salz, Rich"
Sent by: owner-openssl-...@openssl.org
Date: 06/04/2014 02:31AM
Subject: RE: patch for make depend, chacha
From: "Salz, Rich"
Sent by: owner-openssl-...@openssl.org
Date: 06/04/2014 02:31AM
Subject: RE: patch for make depend, chacha
> Is there somebody working on it to get Chacha/Poly cipher suites production ready?
It's expected that the way the ciphers are used will change as it goes through the IETF TLS group. Therefore, Google has not been encouraging folks to pick up and use these patches other than an "on your own" basis until after the they're done. (They == IETF and GOOG I suppose:)
/r$
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rs...@jabber.me; Twitter: RichSalz
:I"Ϯrm (Z+7zZ)1x hW^^%
&jם.+-1ځj:+vh
It's expected that the way the ciphers are used will change as it goes through the IETF TLS group. Therefore, Google has not been encouraging folks to pick up and use these patches other than an "on your own" basis until after the they're done. (They == IETF and GOOG I suppose:)
/r$
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rs...@jabber.me; Twitter: RichSalz
:I"Ϯrm (Z+7zZ)1x hW^^%
&jם.+-1ځj:+vh
