Date: Tue, 12 Jul 2016 12:26:20 +0200 From: Franco Fichtner <franco@lastsummer.de> To: Daniel Kalchev <daniel@digsys.bg> Cc: Matthew Seaman <matthew@FreeBSD.org>, freebsd-current@freebsd.org Subject: Re: GOST in OPENSSL_BASE Message-ID: <F22E238A-4262-4684-9623-3FDE25CE78E9@lastsummer.de> In-Reply-To: <C2F596E2-B417-4DC2-A195-60CFAB6399F5@digsys.bg> References: <20160710133019.GD20831@zxy.spb.ru> <f35c1806-c06d-0d46-1c8a-58a56adef9a7@freebsd.org> <a4f0585d-cc99-e44a-7f59-0dd23e3c969f@FreeBSD.org> <20160711184122.GP46309@zxy.spb.ru> <98f27660-47ff-d212-8c50-9e6e1cd52e0b@freebsd.org> <c0bb5ae3-fee6-d40c-86bd-988c843d757b@freebsd.org> <CAN6yY1sOrL42ssbfGUKz8%2BaY0VvKPDHPx2S0ZRNpmmgdB0V8Tg@mail.gmail.com> <a8214f32-ce90-3b97-678a-faad7c6d0b69@freebsd.org> <C2F596E2-B417-4DC2-A195-60CFAB6399F5@digsys.bg>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 12 Jul 2016, at 11:59 AM, Daniel Kalchev <daniel@digsys.bg> wrote: >=20 > It is trivial to play MTIM with this protocol and in fact, there are = commercially available =E2=80=9Csolutions=E2=80=9D for =E2=80=9Csecuring = one=E2=80=99s corporate network=E2=80=9D that doe exactly that. Some = believe this is with the knowledge and approval of the corporation, but = who is to say what the black box actually does and whose interests it = serves? It's also trivial to ignore that pinning certificates and using client certificates can actually help a great deal to prevent all of what you just said. ;) The bottom line is not having GOST support readily available could = alienate a whole lot of businesses. Not wanting those downstream use cases will = make those shift elsewhere and the decision will be seen as an overly = political move that in no possible way reflects the motivation of community = growth. Cheers, Franco=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F22E238A-4262-4684-9623-3FDE25CE78E9>