On Tue, Dec 16, 2014 at 01:04:17PM -0500, Salz, Rich wrote: > > Subtracting (in local configuration) algorithms from a keyword denoting all > > known-strong algorithms is hand-tuning, but not fragile hand-tuning. > > Three years ago RC4 was known-strong. Two years ago DES-CBC was > known-strong. Now we only have AES-GCM. At what point do we think > ChaCha/Poly is known-strong, and who gets to make that call? Dan? > Adam?
Changing the internal relative strength weighings of these requires pushing out new code. Something that... happens all the time. I'm not against local configuration of these things as, say, a temporary override while waiting for patches. The configuration needs to be simple and not fragile. Subtracting from named sets of algorithms and sorting by desired attributes (speed, strength), is a non-fragile way to specify administrative preferences. Assiging numeric algorithm strength in a config file is fragile but acceptable for emergencies. > Who said "these are known-strong" and when did they say it, and are > they still correct? And where and how does a system admin find those > things out. This is why I'm advising against exposing any sort of numeric algorithm strength assessments to _applications_: once those are baked in in the application they can't be changed. I realize that there was no proposal to do so. However, any time numeric algorithm strength assessments are discussed is also a good time to warn others to avoid the SASL SSF mistake. Nico -- _______________________________________________ openssl-dev mailing list openssl-dev@openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-dev
