From owner-freebsd-security@freebsd.org Mon Jul 11 16:39:38 2016
Date: Mon, 11 Jul 2016 18:39:34 +0200
From: Kurt Jaeger
To: Mark Felder
Cc: Slawa Olhovchenkov, Andrey Chernov, freebsd-security@freebsd.org, freebsd-current@freebsd.org
Subject: Re: GOST in OPENSSL_BASE
Message-ID: <20160711163934.GD95302@home.opsec.eu>
References: <20160710133019.GD20831@zxy.spb.ru> <20160710150143.GK46309@zxy.spb.ru> <9ead7cd7-7d1b-2dd8-eea8-43f7766d92a9@freebsd.org> <20160711102906.GN46309@zxy.spb.ru> <1468253073.695754.662984777.1E8F9C28@webmail.messagingengine.com>
In-Reply-To: <1468253073.695754.662984777.1E8F9C28@webmail.messagingengine.com>

Hi!

> > I.e. GOST will be available in openssl.
> > Under BSD-like license.
> > Can be this engine import in base system and enabled at time 1.1.0?
> > And can be GOST enabled now?

> I think the wrong question is being asked here. Instead we need to focus
> on decoupling openssl from base so this can all be handled by ports.

As far as I know, GOST is a standardized crypto algo in .ru, it's
suggested (required?) by the government in .ru.

So, if FreeBSD does not want to alienate the .ru userbase, GOST
probably should be in base. I'm not sure how difficult that would be.

-- 
pi@opsec.eu            +49 171 3101372                4 years to go !