Re: [openssl-users] Case-sensitive cipher names are a bad idea

2015-01-17 Thread Steven J. Hathaway
On 8/15/2014 10:10 PM, Jeffrey Walton wrote: On Sat, Aug 16, 2014 at 12:08 AM, shath...@e-z.net wrote: ... Even today with Unicode character set families, the ability to provide a global case-independent mapping becomes a massive problem. There are a variety of latin-like alphabets and greek

Case-sensitive cipher names are a bad idea

2014-08-15 Thread Salz, Rich
Does ANYONE think that case-sensitive cipher names are a good idea? Someone who types TLSV1:RC4-MD5 will find things working, but is likely to be surprised by how weakly-protected they are. /r$ -- Principal Security Engineer Akamai Technologies, Cambridge MA IM:

Re: Case-sensitive cipher names are a bad idea

2014-08-15 Thread Walter H.
Hello On 15.08.2014 17:43, Salz, Rich wrote: Does ANYONE think that case-sensitive cipher names are a good idea? this is a bad idea; or can you explain the difference between tlsv1:rc4-md5 and TLSV1:RC4-MD5? Someone who types TLSV1:RC4-MD5 will find things working, but is likely to be

Re: Case-sensitive cipher names are a bad idea

2014-08-15 Thread Viktor Dukhovni
On Fri, Aug 15, 2014 at 11:43:51AM -0400, Salz, Rich wrote: Does ANYONE think that case-sensitive cipher names are a good idea? Someone who types TLSV1:RC4-MD5 will find things working, but is likely to be surprised by how weakly-protected they are. The case makes some things more clear:

RE: Case-sensitive cipher names are a bad idea

2014-08-15 Thread Salz, Rich
The case makes some things more clear: I never said it didn't. There are lots of other ways to typo the input string. Yup, but saying TLSV1 won't work while TLSv1 does work is silly. Perhaps there are currently no collisions, and case folding is likely safe, but I don't really see much

RE: Case-sensitive cipher names are a bad idea

2014-08-15 Thread Michael Wojcik
-Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl- us...@openssl.org] On Behalf Of Salz, Rich Sent: Friday, 15 August, 2014 14:36 To: openssl-users@openssl.org Subject: RE: Case-sensitive cipher names are a bad idea The case makes some things more clear

RE: Case-sensitive cipher names are a bad idea

2014-08-15 Thread Salz, Rich
Well, one problem is that strcasecmp is not in the Standard C Library, and in fact is illegal, because external identifiers beginning with str are reserved to the implementation. Openssl already handles that, thanks. That said, I agree that case-insensitive comparison would be a good

Re: Case-sensitive cipher names are a bad idea

2014-08-15 Thread shathawa
Does ANYONE think that case-sensitive cipher names are a good idea? Someone who types TLSV1:RC4-MD5 will find things working, but is likely to be surprised by how weakly-protected they are. /r$ -- Principal Security Engineer Akamai Technologies, Cambridge MA IM:

Re: Case-sensitive cipher names are a bad idea

2014-08-15 Thread Jeffrey Walton
On Sat, Aug 16, 2014 at 12:08 AM, shath...@e-z.net wrote: ... Even today with Unicode character set families, the ability to provide a global case-independent mapping becomes a massive problem. There are a variety of latin-like alphabets and greek alphabets, and even IBM EBCDIC encodings