> Subtracting (in local configuration) algorithms from a keyword denoting all > known-strong algorithms is hand-tuning, but not fragile hand-tuning.
Three years ago RC4 was known-strong. Two years ago DES-CBC was known-strong. Now we only have AES-GCM. At what point do we think ChaCha/Poly is known-strong, and who gets to make that call? Dan? Adam? Who said "these are known-strong" and when did they say it, and are they still correct? And where and how does a system admin find those things out. _______________________________________________ openssl-dev mailing list openssl-dev@openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-dev
