GOST in OPENSSL_BASE
Franco Fichtner
franco at lastsummer.de
Tue Jul 12 10:26:30 UTC 2016
> On 12 Jul 2016, at 11:59 AM, Daniel Kalchev <daniel at digsys.bg> wrote:
>
> It is trivial to play MTIM with this protocol and in fact, there are commercially available “solutions” for “securing one’s corporate network” that doe exactly that. Some believe this is with the knowledge and approval of the corporation, but who is to say what the black box actually does and whose interests it serves?
It's also trivial to ignore that pinning certificates and using client
certificates can actually help a great deal to prevent all of what you
just said. ;)
The bottom line is not having GOST support readily available could alienate
a whole lot of businesses. Not wanting those downstream use cases will make
those shift elsewhere and the decision will be seen as an overly political
move that in no possible way reflects the motivation of community growth.
Cheers,
Franco
More information about the freebsd-current
mailing list