[Ach] Vote for new Cipherstring B [Was: Issue with OpenSSL >0.9.8l]

Aaron Zauner azet at azet.org
Wed May 14 14:31:29 CEST 2014


L. Aaron Kaplan wrote:
> On May 13, 2014, at 8:31 PM, Aaron Zauner <azet at azet.org> wrote:
>> Ok, I've come up with the following B cipherstring:
>> ```
>> ``
> Can we go over this proposal at the next meeting?
You missed the mailing list (in CC now).

Sure. The thing is I want this to be changed ASAP since it negatively
affects all our recommendations for OpenSSL <1.0.0 (see forwarded
openssl-dev mail). We're currently shipping _non_optimal_ security for
systems that ship those OpenSSL versions (RHEL5+6, MacOS X, Debian
old-stable, for example).

Since the next meeting is planned for June, and we have a lot of people
on the mailing list that won't make it to this meeting, I'd be a good
idea to discuss this issue beforehand on the list. Unfortunately there's
little to no input on any of the issues I've reported in the last couple
of weeks.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20140514/d9cf01f4/attachment.sig>

More information about the Ach mailing list