On Mon, 24 Aug 2015 22:32:24 +0200 Hubert Kario <hka...@redhat.com> wrote:
> > After all the whole > > heartbleed story can largely be explained by that. I'd propose that > > OpenSSL doesn't add any new features without a clear explanation > > what advantage they bring in which situation - and who is likely > > going to use that feature. > > bugs happen, refusing to accept patches just because they can have > bugs is short sighted at best > > or can I expect you to express the exact same concerns when ChaCha20 > patches will be proposed? I think the situation with chacha20 is very different. Its advantages seem convincing enough that some major players responsible for a large part of internet connections are already using it. I see nothing alike with camellia. If you can give me a convincing argument who would use camellia and for what I may reconsider my opinion. "It's standardized" doesn't mean anyone actually uses or wants to use it. Right now I only see people deprecating it. I think the thing that bite with heartbleed was: A very obscure feature, nobody used it, nobody cared for it, so nobody looked at it. Camellia looks very similar, I doubt it will gain any significant use even if openssl supported camellia-gcm modes. -- Hanno Böck http://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42
pgp3rZeH9NrDa.pgp
Description: OpenPGP digital signature
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
