Date: Sun, 29 Oct 2017 14:07:58 -0500
From: Benjamin Kaduk
To: Eric McCorkle
Cc: Poul-Henning Kamp, "freebsd-security@freebsd.org security", "freebsd-arch@freebsd.org", Ben Laurie, "freebsd-hackers@freebsd.org"
Subject: Re: Crypto overhaul
Message-ID: <20171029190758.GE26855@kduck.kaduk.org>

On Sat, Oct 28, 2017 at 08:36:01PM -0400, Eric McCorkle wrote:
> On 10/28/2017 09:15, Poul-Henning Kamp wrote:
> > --------
> > In message <20171028123132.GF96685@kduck.kaduk.org>, Benjamin Kaduk writes:
> >
> >> I would say that the 1.1.x series is less bad, especially on the last count,
> >> but don't know how much you've looked at the differences in the new branch.
> >
> > While "less bad" is certainly a laudable goal for OpenSSL, I hope
> > FreeBSD has higher ambitions.
> >
>
> I'm curious about your thoughts on LibreSSL as a possible option.

I haven't been following LibreSSL enough to have an informed opinion,
but my uninformed opinion was that OpenSSL proper has been proceeding
with modernization at a faster pace than LibreSSL.

-Ben