[Cryptography] OpenSSL minimal "safe" configuration?
Ray Dillinger
bear at sonic.net
Wed Jan 13 19:14:13 EST 2016
On 01/13/2016 03:16 PM, Viktor Dukhovni wrote:
>
> For the rest of the world, being able to communicate trumps all other
> concerns, and if security breaks communication, security will be turned
> off, not communication.
That may be, but can't people actually be required to consciously
*turn* it off?
If someone really wants to be compatible with an insecure old product,
I have no problem with them being able to go and change the calls to
"OpenSSL" in their scripts into calls to "InsecureSSL" and move
"InsecureSSL" into their $PATH where scripts can invoke it. That is
a conscious decision to turn off security.
But I really, really object to the idea that being compatible with
insecure crap should be the *DEFAULT* configuration, or that scripts
invoking insecure operations in OpenSSL should continue to work after
those operations are discovered to be insecure.
When things are discovered to be insecure, or computing resources
advance to the point where they are no longer secure, it should
require a conscious decision and configuration action to continue
using them, not mere inertia.
Finally I object to the idea that the choice to use a tool supporting
known insecure operations (and have that tool available in secure/bin
where "Secure" scripts can invoke it in insecure modes) should be the
default.
Bear
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160113/aa620de9/attachment.sig>
More information about the cryptography
mailing list