From owner-freebsd-hackers@freebsd.org Mon Oct 30 21:34:21 2017 Return-Path: Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 931AAE6611B; Mon, 30 Oct 2017 21:34:21 +0000 (UTC) (envelope-from root@mx0.esc7.net) Received: from mx0.esc7.net (rmx0.esc7.net [72.53.186.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4983172CF2; Mon, 30 Oct 2017 21:34:20 +0000 (UTC) (envelope-from root@mx0.esc7.net) Received: by mx0.esc7.net (Postfix, from userid 0) id 8DBFA465E05; Mon, 30 Oct 2017 16:27:55 -0500 (CDT) Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=8.8.178.116; helo=mx2.freebsd.org; envelope-from=owner-freebsd-security@freebsd.org; receiver=bwarriner@esc7.net Received: from mx2.freebsd.org (mx2.freebsd.org [8.8.178.116]) by mx0.esc7.net (Postfix) with ESMTPS id 3F0F2461B8E for ; Sun, 29 Oct 2017 18:39:30 -0500 (CDT) Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx1.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx2.freebsd.org (Postfix) with ESMTPS id 1D805806F3; Sun, 29 Oct 2017 23:39:27 +0000 (UTC) (envelope-from owner-freebsd-security@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id CAB866B31C; Sun, 29 Oct 2017 23:39:26 +0000 (UTC) (envelope-from owner-freebsd-security@freebsd.org) Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 35D10E4A150; Sun, 29 Oct 2017 19:13:19 +0000 (UTC) (envelope-from kaduk@mit.edu) Received: from dmz-mailsec-scanner-7.mit.edu (dmz-mailsec-scanner-7.mit.edu [18.7.68.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 62F6E635CB; Sun, 29 Oct 2017 19:13:17 +0000 (UTC) (envelope-from kaduk@mit.edu) X-AuditID: 12074424-135ff7000000649f-9a-59f6271477b6 Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-7.mit.edu (Symantec Messaging Gateway) with SMTP id 99.E9.25759.41726F95; Sun, 29 Oct 2017 15:08:05 -0400 (EDT) Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id v9TJ82R1009557; Sun, 29 Oct 2017 15:08:03 -0400 Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id v9TJ7wQN022191 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sun, 29 Oct 2017 15:08:01 -0400 Date: Sun, 29 Oct 2017 14:07:58 -0500 From: Benjamin Kaduk To: Eric McCorkle Subject: Re: Crypto overhaul Message-ID: <20171029190758.GE26855@kduck.kaduk.org> References: <13959.1509132270@critter.freebsd.dk> <20171028022557.GE96685@kduck.kaduk.org> <23376.1509177812@critter.freebsd.dk> <20171028123132.GF96685@kduck.kaduk.org> <24228.1509196559@critter.freebsd.dk> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.9.1 (2017-09-22) X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprJKsWRmVeSWpSXmKPExsUixCmqrSuq/i3SYOFfFotFszktvk0HMmZP n8ZksX3zP0aLnk1P2Cw+fON3YPOY8Wk+i8fmpjlsHvd2TGDy+LR/MlsASxSXTUpqTmZZapG+ XQJXxrZV71kK2tgqfrz+y97A+JKli5GTQ0LAROLo66OMXYxcHEICi5kkpnz9yQrhbGSUeNNx jhnCucok0Xj6EVCGg4NFQFXi0rFUkG42ATWJx3ubwcIiAhoS83cLgpQzCyxjkrjy9QwjSI2w gIzEwbOXmEBsXqBtJ/fsg5p5nVniVM8VqISgxMmZT8BOYhbQkrjx7yUTyFBmAWmJ5f84QMKc As4S686cZwOxRQWUJfb2HWKfwCgwC0n3LCTdsxC6FzAyr2KUTcmt0s1NzMwpTk3WLU5OzMtL LdI118vNLNFLTSndxAgKb3YXlR2M3T3ehxgFOBiVeHgFNL5GCrEmlhVX5h5ilORgUhLl3Xf+ U6QQX1J+SmVGYnFGfFFpTmrxIUYJDmYlEd4vct8ihXhTEiurUovyYVLSHCxK4rzbgnZFCgmk J5akZqemFqQWwWRlODiUJHi11IAaBYtS01Mr0jJzShDSTBycIMN5gIYHgtTwFhck5hZnpkPk TzEac9x4eP0PE8ezma8bmIVY8vLzUqXEeTtBSgVASjNK8+CmgVKURPb+mleM4kDPCfMqglTx ANMb3LxXQKuYgFZpSH4BWVWSiJCSamBcpZXbovTy1ttNh0v+G16/2yvz5tLy2/YHd840VcgV +N39cUZh2eucqx8O9zTsC2DRfD/d4eN2H+2jghLvAvXEbq/ecfZxxDEB0elXjU8fYJK9KvX8 KpuRbdFkhqu8tXfU0zTnz3+gsv4ad5HuS4UTt/JfrV3Wy54d7NKVy17EfrrAbVNyn4usEktx RqKhFnNRcSIAXZPVuiwDAAA= X-Mailman-Approved-At: Sun, 29 Oct 2017 23:39:24 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list Cc: "freebsd-security@freebsd.org security" , Poul-Henning Kamp , Ben Laurie , "freebsd-hackers@freebsd.org" , "freebsd-arch@freebsd.org" Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: owner-freebsd-security@freebsd.org Sender: owner-freebsd-security@freebsd.org X-ESC7-MailScanner-Information: Please contact the ISP for more information X-ESC7-MailScanner-ID: 8DBFA465E05.A6C5C X-ESC7-MailScanner: Found to be clean X-ESC7-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (not cached, score=-1.499, required 3, autolearn=disabled, HEADER_FROM_DIFFERENT_DOMAINS 0.00, NEW_TLDS 3.50, RCVD_IN_DNSWL_HI -5.00) X-ESC7-MailScanner-From: root@mx0.esc7.net X-Spam-Status: No X-BeenThere: freebsd-hackers@freebsd.org List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Oct 2017 21:34:21 -0000 On Sat, Oct 28, 2017 at 08:36:01PM -0400, Eric McCorkle wrote: > On 10/28/2017 09:15, Poul-Henning Kamp wrote: > > -------- > > In message <20171028123132.GF96685@kduck.kaduk.org>, Benjamin Kaduk writes: > > > >> I would say that the 1.1.x series is less bad, especially on the last count, > >> but don't know how much you've looked at the differences in the new branch. > > > > While "less bad" is certainly a laudable goal for OpenSSL, I hope > > FreeBSD has higher ambitions. > > > > I'm curious about your thoughts on LibreSSL as a possible option. I haven't been following LibreSSL enough to have an informed opinion, but my uninformed opinion was that OpenSSL proper has been proceeding with modernization at a faster pace than LibreSSL. -Ben _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"