From: Franco Fichtner
Date: Tue, 12 Jul 2016 12:26:20 +0200
Subject: Re: GOST in OPENSSL_BASE
To: Daniel Kalchev
Cc: Matthew Seaman, freebsd-current@freebsd.org

> On 12 Jul 2016, at 11:59 AM, Daniel Kalchev wrote:
>
> It is trivial to play MITM with this protocol and in fact, there are
> commercially available “solutions” for “securing one’s corporate
> network” that do exactly that. Some believe this is with the knowledge
> and approval of the corporation, but who is to say what the black box
> actually does and whose interests it serves?

It's also trivial to ignore that pinning certificates and using
client certificates can actually help a great deal to prevent
all of what you just said. ;)

The bottom line is not having GOST support readily available could
alienate a whole lot of businesses. Not wanting those downstream use
cases will make those shift elsewhere and the decision will be seen as
an overly political move that in no possible way reflects the
motivation of community growth.

Cheers,
Franco