Re: GOST in OPENSSL_BASE

From: Franco Fichtner <franco_at_lastsummer.de>
Date: Tue, 12 Jul 2016 12:26:45 +0200
> On 12 Jul 2016, at 11:59 AM, Daniel Kalchev <daniel_at_digsys.bg> wrote:
> 
> It is trivial to play MTIM with this protocol and in fact, there are commercially available “solutions” for “securing one’s corporate network” that doe exactly that. Some believe this is with the knowledge and approval of the corporation, but who is to say what the black box actually does and whose interests it serves?

It's also trivial to ignore that pinning certificates and using client
certificates can actually help a great deal to prevent all of what you
just said.  ;)

The bottom line is not having GOST support readily available could alienate
a whole lot of businesses.  Not wanting those downstream use cases will make
those shift elsewhere and the decision will be seen as an overly political
move that in no possible way reflects the motivation of community growth.


Cheers,
Franco
Received on Tue Jul 12 2016 - 08:26:47 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:06 UTC