Date: Wed, 20 Jun 2018 08:45:53 -0700 From: Conrad Meyer <cem@freebsd.org> To: "Simon J. Gerraty" <sjg@juniper.net> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers <src-committers@freebsd.org>, "Stephen J. Kiernan" <stevek@freebsd.org> Subject: Re: svn commit: r335402 - head/sbin/veriexecctl Message-ID: <CAG6CVpVwrWaDMcVRfgaOHagfPbnmULKe6R=GJiZi-reZYbZr8A@mail.gmail.com> In-Reply-To: <17033.1529508519@kaos.jnpr.net> References: <201806200108.w5K18sIR050132@repo.freebsd.org> <CAG6CVpV124ze%2BY6xX2ZFqbM%2B3hJNEJWR2qpnChpey=PmiW6qXg@mail.gmail.com> <96021.1529475664@kaos.jnpr.net> <CAJ5_RoBvwNH7-ZCd3LxtXg21TE49uX2y35Jwa6MM%2Bwn%2BX0_wUQ@mail.gmail.com> <17033.1529508519@kaos.jnpr.net>
next in thread | previous in thread | raw e-mail | index | archive | help
You can keep these poor security modes in your downstream product if you want, but don't put them in the tree. On Wed, Jun 20, 2018 at 8:28 AM, Simon J. Gerraty <sjg@juniper.net> wrote: > Benjamin Kaduk <bjkfbsd@gmail.com> wrote: >> With all due respect, NIST is hardly the sole authority on this topic. > > True, unless of course you sell to US govt. > >> With my IETF Security Area Director hat on, any greenfield proposal coming >> in >> to the IESG that included sha1 support would get extremely strong pushback, >> and I don't expect that "reducing boot time" would be seen as sufficiently >> compelling. > > Well that's unfortunate, because reality (and sales teams) can be a > pain. The number of customers who would trade boot time for improved > security is depressingly small. >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAG6CVpVwrWaDMcVRfgaOHagfPbnmULKe6R=GJiZi-reZYbZr8A>