On Tue, Apr 15, 2014 at 03:34:36PM -0600, Theo de Raadt wrote:
> >Log message:
> >Remove the GOST engine: It is not compiled or used and depends on the
> >"dynamic engine" feature that is not enabled in our build. People who
> >need it can still pull it out of the Attic; if it is to have a Russian
> >engine just because it's a Russian engine.
> >----------------------------------------------------------------------
> >
> >This hash function is a formal requirement in all public institutions in
> >Russia. Removing it, the work of people using OpenBSD in these
> >institutions is greatly complicated by its return.
>
> First off, this library's primary function is to supply two major
> components for use by people:
>
>     SSL protocol
>     raw symmetric & asymmetric crypto functions
>
> Meeting the "requirements of public institutions" is pretty low on the
> list right about now. Quite frankly, I do not want my own government
> using OpenSSL for anything. As it is now, it is not suitable.
>
> >This is a political decision, or indeed it is necessary for the cleaning
> >OpenSSL? Do not throw out the child along with the bath.
>
> Dynamic loading of crypto libraries into a framework is not
> acceptable. Furthermore, if you dig just a bit deeper, you will
> quickly realize that this code has not worked in our tree before. It
> was not enabled. It did not work.
>
> In the interests of full disclosure, do you work for the government or
> sell to the government?

I'm not sure what "to work for the government" means in terms of the English language. I am now in the process of transferring to the IT department of the city hall of a small town in the geographical center of Russia. My area of responsibility will be the network infrastructure of the city hall. Is this "work for the government"?

I assumed that, to set up GOST, it is enough to recompile OpenSSL in the source tree and install it. The situation is made worse by the fact that it is the only implementation of GOST, so there are no alternatives for Unix and Unix-like systems.

Yet your words, like the words of Bob and Reyk, given your competence in this area, sound convincing. If it makes the system more secure, it is a sensible move. I am glad that there is no politics.