Date:      Wed, 20 Jun 2018 09:58:19 -0600
From:      Ian Lepore <ian@freebsd.org>
To:        cem@freebsd.org, "Simon J. Gerraty" <sjg@juniper.net>
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers <src-committers@freebsd.org>, "Stephen J. Kiernan" <stevek@freebsd.org>
Subject:   Re: svn commit: r335402 - head/sbin/veriexecctl
Message-ID:  <1529510299.24573.5.camel@freebsd.org>
In-Reply-To: <CAG6CVpVwrWaDMcVRfgaOHagfPbnmULKe6R=GJiZi-reZYbZr8A@mail.gmail.com>
References:  <201806200108.w5K18sIR050132@repo.freebsd.org> <CAG6CVpV124ze%2BY6xX2ZFqbM%2B3hJNEJWR2qpnChpey=PmiW6qXg@mail.gmail.com> <96021.1529475664@kaos.jnpr.net> <CAJ5_RoBvwNH7-ZCd3LxtXg21TE49uX2y35Jwa6MM%2Bwn%2BX0_wUQ@mail.gmail.com> <17033.1529508519@kaos.jnpr.net> <CAG6CVpVwrWaDMcVRfgaOHagfPbnmULKe6R=GJiZi-reZYbZr8A@mail.gmail.com>

On Wed, 2018-06-20 at 08:45 -0700, Conrad Meyer wrote:
> You can keep these poor security modes in your downstream product if
> you want, but don't put them in the tree.
> 

And I request exactly the opposite: reject the complaining of people
who think all the world is a 256-core 5 GHz server and leave in the
option to use faster algorithms on real-world hardware used by
real-world vendors who need some option other than "rev your hardware
every 18 months to keep up with the software or get out of the business."

Stronger algorithm options, yes. Even making stronger options the
default, yes. But removing viable options which are endorsed by the
people who actually set the standards, no.

- Ian

> On Wed, Jun 20, 2018 at 8:28 AM, Simon J. Gerraty <sjg@juniper.net>
> wrote:
> > 
> > Benjamin Kaduk <bjkfbsd@gmail.com> wrote:
> > > 
> > > With all due respect, NIST is hardly the sole authority on this
> > > topic.
> > True, unless of course you sell to US govt.
> > 
> > > 
> > > With my IETF Security Area Director hat on, any greenfield
> > > proposal coming in to the IESG that included sha1 support would
> > > get extremely strong pushback, and I don't expect that "reducing
> > > boot time" would be seen as sufficiently compelling.
> > Well that's unfortunate, because reality (and sales teams) can be a
> > pain.  The number of customers who would trade boot time for
> > improved security is depressingly small.
> > 



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1529510299.24573.5.camel>