> On Jun 13, 2015, at 4:12 PM, Salz, Rich <rs...@akamai.com> wrote: > > >> Recently the OpenSSL development community has expressed renewed >> interest in having the document finalized as an RFC and they seem to >> consider this to be a prerequisite of BLAKE2's adoption into the main branch >> of OpenSSL > > This is not true. The topic of RFC-or-not has never come up in any OpenSSL > discussions that I have seen.
Except the previous thread. An RFC is not needed to get an algorithm into OpenSSL. It *is* necessary if we want ciphersuites for TLS, signature hashes for certificates PRFs and MACs for IKE/IPsec etc. None of the bodies standardizing those will go with an algorithms whose sole specifications are a website maintained by the people who invented the algorithm and a wikipedia article. That’s where an RFC can help, just like RFC 7539 was needed to get ChaCha20-Poly1305 into TLS and IPsecME drafts. With a good RFC we can push TLS, IPsecME, and PKIX drafts, perhaps even get some interest from CAs in the CA/BF. With Blake2 getting no use at all in browsers, web servers, VPN gateways and certificates, I don’t even know what "BLAKE2 is a de facto industry standard hash function” means. Yoav _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev