From owner-svn-src-head@freebsd.org Wed Jun 20 15:30:49 2018 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 35718101F57A; Wed, 20 Jun 2018 15:30:49 +0000 (UTC) (envelope-from sjg@juniper.net) Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.pphosted.com", Issuer "thawte SHA256 SSL CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 9297E7FCCB; Wed, 20 Jun 2018 15:30:48 +0000 (UTC) (envelope-from sjg@juniper.net) Received: from pps.filterd (m0108161.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w5KFOVZK030444; Wed, 20 Jun 2018 08:30:47 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=to : cc : subject : in-reply-to : references : from : mime-version : content-type : content-id : date : message-id; s=PPS1017; bh=IZpaO3VQRlxiAO6j3stF6vhZAITqSHocALieZwCPluc=; b=EDbrRNlDnoPtu3FdGgnm+ux+fmDtk2C73Nlgfpahbgm7OnUErJrEB8L4qJe8WAAnXntf H+zTa18h2s2Bb3Owg3htGyebtoTpzhiIAoclgqEtuvxhT7lnZUNRYIIYJPQMKttMJiy+ wm9Sstm48Q/oQOfTnF5Vq/y/j6y4TOQipZNJ4nAYS55MwbvQccgRP0QEtcNqgrJ56aqn VcyUAOIYRXopo28NRKSuqLVM4CxijHvuS2uzGX50ZRY+2TP63MJ78k9rccIuBF3TF+EV Ixo9CFey3AcYeTa6L14ZgUYE45bcnTVei9/QK8KN9MeduaGHab84qulhdkBd4SCAfvB/ Yg== Received: from nam05-by2-obe.outbound.protection.outlook.com (mail-by2nam05lp0239.outbound.protection.outlook.com [216.32.181.239]) by mx0b-00273201.pphosted.com with ESMTP id 2jqrjp04mn-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 20 Jun 2018 08:30:47 -0700 Received: from CO2PR05CA0083.namprd05.prod.outlook.com (2603:10b6:102:2::51) by DM5PR05MB3113.namprd05.prod.outlook.com (2603:10b6:3:c6::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.884.14; Wed, 20 Jun 2018 15:30:45 +0000 Received: from DM3NAM05FT018.eop-nam05.prod.protection.outlook.com (2a01:111:f400:7e51::207) by CO2PR05CA0083.outlook.office365.com (2603:10b6:102:2::51) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.884.15 via Frontend Transport; Wed, 20 Jun 2018 15:30:45 +0000 Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.15 as permitted sender) Received: from P-EMFE01C-SAC.jnpr.net (66.129.239.15) by DM3NAM05FT018.mail.protection.outlook.com (10.152.98.127) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.20.884.14 via Frontend Transport; Wed, 20 Jun 2018 15:30:43 +0000 Received: from p-mailhub01.juniper.net (10.47.226.20) by P-EMFE01C-SAC.jnpr.net (172.24.192.21) with Microsoft SMTP Server (TLS) id 14.3.123.3; Wed, 20 Jun 2018 08:28:49 -0700 Received: from kaos.jnpr.net (kaos.jnpr.net [172.21.30.60]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id w5KFSmxh030855; Wed, 20 Jun 2018 08:28:48 -0700 (envelope-from sjg@juniper.net) Received: from kaos.jnpr.net (localhost [127.0.0.1]) by kaos.jnpr.net (Postfix) with ESMTP id 0A1E6644E9; Wed, 20 Jun 2018 08:28:39 -0700 (PDT) To: Benjamin Kaduk CC: "cem@FreeBSD.org" , , , src-committers , "Stephen J. Kiernan" , Subject: Re: svn commit: r335402 - head/sbin/veriexecctl In-Reply-To: References: <201806200108.w5K18sIR050132@repo.freebsd.org> <96021.1529475664@kaos.jnpr.net> Comments: In-reply-to: Benjamin Kaduk message dated "Wed, 20 Jun 2018 08:33:33 -0500." From: "Simon J. Gerraty" X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 25.3.1 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <13501.1529508518.1@kaos.jnpr.net> Date: Wed, 20 Jun 2018 08:28:39 -0700 Message-ID: <17033.1529508519@kaos.jnpr.net> X-EOPAttributedMessage: 0 X-MS-Office365-Filtering-HT: Tenant X-Forefront-Antispam-Report: CIP:66.129.239.15; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(346002)(396003)(376002)(39860400002)(39380400002)(2980300002)(199004)(189003)(69596002)(77096007)(126002)(476003)(117636001)(16586007)(486006)(39060400002)(86362001)(316002)(6266002)(6246003)(107886003)(59450400001)(229853002)(50466002)(6916009)(446003)(11346002)(26005)(7126003)(186003)(93886005)(55016002)(7696005)(53936002)(9686003)(336012)(561944003)(4326008)(54906003)(76176011)(50226002)(356003)(46406003)(8936002)(47776003)(106466001)(97756001)(305945005)(81166006)(8676002)(97876018)(81156014)(478600001)(5660300001)(1411001)(97736004)(2906002)(68736007)(53416004)(76506005)(23726003)(2810700001)(105596002)(42262002); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR05MB3113; H:P-EMFE01C-SAC.jnpr.net; FPR:; SPF:SoftFail; LANG:en; PTR:InfoDomainNonexistent; A:1; MX:1; X-Microsoft-Exchange-Diagnostics: 1; DM3NAM05FT018; 1:dTzlaZINb8naFPWUb/ugqzi0sLrE1OSSOk3eOOvKhDFbQiuKSGjEgKDWHYVrJDWwoFyZsZ7gbUYjtu88VJ1hWKjG7oz/UTfXMAeTINyx7Zv/TR5DvmVWwd+H27O8h7pc X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: b3f4c3ba-38aa-4e5e-9dbe-08d5d6c2c9ff X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(711020)(2017052603328)(7153060); SRVR:DM5PR05MB3113; X-Microsoft-Exchange-Diagnostics: 1; DM5PR05MB3113; 3:Q5Ev+4T8NkHNe/HeaxbZCzOjFoUmsxWuz6Y4oiIlZvZrw2pbD13mvQWqff47qLvKR0T/Phm7EjvLvnSC8h5JKCU/XdY83f+m5mC13Zwu3ExPpi/7mbTO3Z3gdhknDQGSe7h1/z2IB+DBXNZywsE9id1+OZA3Ra5nN+RY23n6AWMGVcPdOOoiPsOqZEm4IO2+hGHfAZGMNCTXNmfUTNzpglf/sWCBAl+3fgTC45XMObSMV0G4U6dyOeS6JsJ3EjNDvDE5HVS1Va4OZEtK0BIEmksjm7RWVZ0wuvFXgm17nTrEt3tM4RazdCLAxZ5RRRjyE6qqnVDi8yNKZu5FdtPpY6Uu0k0lSa1rV+gWRkonkfI=; 25:C/4StmW9cOgYp+eT+HRmPEVdh7q1iPfSvQthhUGmna+mVeeHdD+GoTeK3dUKG6kyt1gxCGtmj4ZDxBE1+7NEUPxYogGEP7InPi8JJDYBV32upsz2CG+gU6bvK12Gq3pswcfj8HqniJaHxQcNC7JYga36aI9KhmaxhLuKApNFfucykkocYGHPCqMF+qdjdrrOPAL1PJoxOWwAwQIH0GhOx+FZdB0T+nzsrRRY8MQG5qVNiy/VbixW0pUp6FOKAFycmA6cGAv39oqpl04IIRSISpZKZKD2rB6ydjgwD64OuGPXQmHH4QEsX81iOGJpdiN7Dl1ucuzU61XcJLiJK0jyjw== X-MS-TrafficTypeDiagnostic: DM5PR05MB3113: X-Microsoft-Exchange-Diagnostics: 1; DM5PR05MB3113; 31:3pii8fBcgGqxzqUYIVfJWVebSOhq+XuI6ABMYCyuPtQ1UNzEK+1IZE6jngxJVAzFgFlnl7iA2JGYwMTV+8gtkhz7h6cgPkqOITkBCclk18iweHWxRRaGPlJffpJ4+y3TQHA5zZi0LNDUv3z4SuJgBU5AGONNg1vC6nESe1ouJG0r5W9DFKn3xe+cj7FLjxM0WQ70f2gC8MU0w/JZvaUALpI2/aLJcE7mSsuvxiEqvrg=; 20:9gr5giVSGvmi8UDu8bbtkNlg73b/IcDrg0KdUylTz60ci6q+mj9U/IIZkXeQYp9RxE1W+CHYTolaHrXFhctwTV/4kNMr63gkr05xo5YLJtVRIRjqwp4EFNm+BYAC36G4Dc/91whVhpayR7FszsvUryPiz0OuBE8GQX7428ATUequeiNWG6OIuemwQPOZIh31gDpdXFZc59o9YYecI842+Oumg6jyJljmDUg92fjsVSrtHdZcMmDmf/cQhKKQDUKPba+oZ/q27vRSUmRsrY6LmzM1uX+oaiItP2OeMcwnriq2mHpN7J00XdaxwWh1jNwsGdRhe3htjVBMifchQSSzILehdHCRd9Lt201pU4Uphtb48KTyS4dmZCCVdBxA4xqa/krf1ZyEHty9xNKsi1hMpfK/7M65TWExy8kiiRFyqp16syvEqHrW6sC2qYRoU3Dv7NpJI1+erasM1OipPblBfmemnpzh9FTlcfwC7i5KmGpW8zn5xZYS+qV7PrCdMfna X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(192374486261705)(85827821059158); X-MS-Exchange-SenderADCheck: 1 X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(3231254)(944501410)(52105095)(3002001)(93006095)(93001095)(10201501046)(6055026)(149027)(150027)(6041310)(20161123562045)(20161123558120)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(6072148)(201708071742011)(7699016); SRVR:DM5PR05MB3113; BCL:0; PCL:0; RULEID:; SRVR:DM5PR05MB3113; X-Microsoft-Exchange-Diagnostics: 1; DM5PR05MB3113; 4:mprROlr5Akf6pxdgujnwx1rN/7G25Thvbw15X0NIBLNwpZZ8e/dyiz4/ID59qytCeYnacJQObF3Wv1BBcq++nN619CMcKdngy2Je7Ne3pLNbSf1k4ZNiEUFJi33JnK5MKj+NL2AFs+4TsUW7pkfGbc56SJTiSVWsnhBTZAnSmciOn1gbvj1HGIh0RBeVMLlxfFjhFS0iGkm5Q0iU2HEmMK3gVKO/GJI0tUx5Bqwuv/aK6Zs9jJTuglJgYTaSwtO11gdVHAiqElH+uVdL3QzCH9UDLeHBdOs7qY5+mw5OFv+fQR809LbyRzArE6k58CT0/Fj5UFSB0W/Y/rz0ge7tnYk/0Kit5ajyIM1dF7Cp9PU= X-Forefront-PRVS: 070912876F X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM5PR05MB3113; 23:obp13ArZyoByC/ChcMO+ewAqfBTxfd09tz33SWTBq?= =?us-ascii?Q?PBkyw81eF4HukqNsn1MTuR+n/ld2hYDwjxPSsII/cHLIQGJ0MXw+pjk6aFoH?= =?us-ascii?Q?Mv1Q32wCnyCDL/05nePGc44J5a5JVUitArNmAtSytSHRnx4fB0vo+UGwbHYB?= =?us-ascii?Q?Ybsq9g9yfn8t1MfF1dgUZ9Abth+yDy16WUHT+9gs8tRC1ld5PMLwnVP02C0G?= =?us-ascii?Q?YymH085m+1qVlnCW1rBrnaBKjMLjJQDu5MibuyLmI+xp4FwlUZI8sQCGa62q?= =?us-ascii?Q?jvejjLJIrR1UxHajdK0bF5+jx6TzN/l/3BvHf7Lo3/QWwCcc+fNHSQdJyWKG?= =?us-ascii?Q?tUaufMp0/KDc5+i8Wcd7c7dG2OqtNJTi9JifxzpEmSWWlJ0mVgU7T12OAakW?= =?us-ascii?Q?Q14uYhD65alptsRKRGB+1MC0b50tTVIMl+LSa5SVBtOkk0ZC7LW/nMWxU5gy?= =?us-ascii?Q?hM5f4UPd50vVTSU0KDv/dFIyvuGqzOxyASZc1Ubb7uQ8qe+D6TskuT+tM/+C?= =?us-ascii?Q?V+XP9yGuAek6GE53dK7uScwF+qNWhrNfvafskuhyLClu7UyzXSxgsHStwfho?= =?us-ascii?Q?QuoabuHTmFi+D7uFlo06egz9pLWUmlmSWMBtewUjnSBgreGwuq+30blGcTHf?= =?us-ascii?Q?T0BtGu2T29EWYsUTMQkJj181vUc/0/d2L7TqWAZEveAA7MUr+aQE8hOJ6oCk?= =?us-ascii?Q?TJ1ljanlCoaoisqhhHveU+icdlbZW3aNCtvnRQgBo3MABlCcapOFmNmeVTeU?= =?us-ascii?Q?NL9sLqaxS1jkHOmmyPREWCLP5ZEuyYGTypjRQsrRFXSQ6wj5i0wwPffrhTuA?= =?us-ascii?Q?qxrKaABcl8V2TdOYL10hHYbv6Qmmv3DaG3p3f/P2cgqprRrUyjy2MPYHPOQM?= =?us-ascii?Q?0mL28zv949RJxlnS73oWVAywjyZJRJiyVIU8jVFMPHAs0o2Gifpqh7oKe3x0?= =?us-ascii?Q?rVMmVS0s3Q5Wtam3KsjUrWA6+uRMciTmEFcIigNrkY+6YYZVxGkH+T6kvFNx?= =?us-ascii?Q?0cGlbq1xpZJO/t40FSZD3a0NBYZ/r0prwrc7OP/VIVwCeK7B6LDUTcdY92LK?= =?us-ascii?Q?75ldg7tfEBEeJoSi+dOqeh6YeEWV5mJl3Ui+xdU4vWwA1fwam3tW7H/cg/bT?= =?us-ascii?Q?vLaC/ctj6nx4ZQgDuRWKzasp8dvThboj6ptcUmarTDja0Joqz88eS1jLtGmI?= =?us-ascii?Q?w72v/f3x4IfZ9iSUfWefrqGZHFI6dZos7MBCbyAoxja5Ybn7k+vWZAA9+uip?= =?us-ascii?Q?mY3IChCto5tWXkpM7H72Dq6uBe96ZfAQWkSNAolaes/Lf30nv75y9vBH0xnc?= =?us-ascii?Q?/ys6jLcjZnBC6n2EK8p7nulzyVUBotST6oEU2T+I9Waws5NcfW3ID0/nHXKn?= =?us-ascii?Q?XDIFt+Adp9bpfI4EcToPdaPgOu7eRjaO4Lgc9mNUUjYiOdZqqBZ+Q+HRyJYX?= =?us-ascii?Q?sxQszkQsQcAZb0qLf5gPxAx+YkcQ1w=3D?= X-Microsoft-Antispam-Message-Info: YYb+9mKin/1bBPf7wUQSThbxHSu+xIYNhBBeRy8Edp6QFrQ8YYaktmD0qxH+bvX+3THCESswoQXIHTNL8QlIQmVhD5dc5KlTA9y0dlJldd7Q+BZCbBhTAbWuNZTdWZSil0WHJQjB+gM3ov9V4l29LPFerHtWYTVsqz82OP0Vm4bNLsXPg3k+Z7ieAsfym30JKZ3Ms61Y0I594UBwXg0Ls+9j1165V6AXDRCfjtgPIwe0tQ2kwFEe4slfRe4RIJA+9ULqKtF0zxhUkwfQxod43qujqdf/YLLQYCzgl2Y89rZ4J2H1EtRK4dKok8SpPo1a3pD7+/ca63EBa4HKbHBhZg== X-Microsoft-Exchange-Diagnostics: 1; DM5PR05MB3113; 6:wsABmGs1UtzdCxZ/DWK/rFrvQywJDFqfq7BwrOWAgdRANZwhlEFIFU4Z77jkjVv7/XvZWUP6Bmk3GooNfaaepFrB2inx3Z88mIHfoGE2pmXs7uTilC+ZAKvxzLR2ETwsrpLHH4lMVi8ST32w7epM+Pp5ZONc31VEZneahuLey8p57mQUpbLl1KvUIivOWFvu3/ovsyhAmRQCz8+2aPA9nMRvu0FRFaRWynmkKeg0KjA5OG+FoN0LRVDf00aC9DfgYUE40DPIhYO7kt/CswbWd+ySC/vV9usmbwNHibBHS3X+3hr8FYQuPiQJ7hwH4efU2vLbKOOvDqLvQFE4uHfp4cZDAcPn83PQPFOxpS9d/Dh2ObsUZbCB0vKMzNjgqWEbs8mHiHBmr1lmvAW6vJwk/3DeIUwlRKY17xVXCtcHStxfNc6fWLjh/VEmSEg5vrWB9RrgfElHandbRQKTFaSVVw==; 5:44sZJXbsAzghffALKq1HyHBSxlc7lsrAYO1rXHcum1U/Ayu5PeALwK853cHTqVb7vkUpFZh9G8yVfjWKV4yTQpb/6jzda8kS0+71ybCfX3Tsqvyhnq48DdgHn8p1MWkRh8JwN/oNm6eloaKp5nOso0Rp4hlcMMfZRxGU/lox+SA=; 24:DwwBQoiRGw4Dz71wKe7ceAnov8nyLCmG/Zhq8qkiHpKUzBYzIItqHQx/XyoWfk6fe2JKxHYYtOxksgUOOLQS8tr95rwmZAEl/M9YDGnq5n0= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; DM5PR05MB3113; 7:Rbn1RoYdpsTV2mtKNw/65j9WYBRExQmqaHmryNeZbZDy7vOhDa4xWbduc1FcCvV45qePmHHO3pnGz/dwWhZsurdpKU58TK9xWns/XAWMWXrSPn0RMnr3Xk+HBJxMvORLFgqc+cOOJaiHNFTU+8zjp7D1mM26W3SPHrygepJ+xcGiCGRqCSviObC/Cd6VXixzzGdtSMc1lbinGJtl+nDxP6Dpfxa794M7gM4xmO4PAymTcF772GGCdwtG3929gLbR X-OriginatorOrg: juniper.net X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Jun 2018 15:30:43.7983 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: b3f4c3ba-38aa-4e5e-9dbe-08d5d6c2c9ff X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.15]; Helo=[P-EMFE01C-SAC.jnpr.net] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR05MB3113 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-06-20_07:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=31 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=31 clxscore=1011 lowpriorityscore=0 mlxscore=31 impostorscore=0 mlxlogscore=34 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1805220000 definitions=main-1806200172 X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Jun 2018 15:30:49 -0000 Benjamin Kaduk wrote: > With all due respect, NIST is hardly the sole authority on this topic. True, unless of course you sell to US govt. > With my IETF Security Area Director hat on, any greenfield proposal coming > in > to the IESG that included sha1 support would get extremely strong pushback, > and I don't expect that "reducing boot time" would be seen as sufficiently > compelling. Well that's unfortunate, because reality (and sales teams) can be a pain. The number of customers who would trade boot time for improved security is depressingly small.