[Cryptography] OPENSSL FREAK

dan at geer.org
Sun Mar 29 22:39:54 EDT 2015

> To me "throw the baby out with the bathwater every 5 years" is a total
> nonstarter. We have huge business incentives to support old customers, and
> one of our biggest tools for doing that is working around protocol design
> flaws using cipher agility.

Would you comment, please, on whether this means you are
accumulating complexity and, if so, at what rate?  For
comparison, ten years ago friends at MSFT Research told
me that approximately 80% of the labor cost of bringing
out a new version of Windows was backward compatibility.
(As a collector of rather a lot of Excel files, I deeply
appreciate that they all still work, for example.)


