On 07.11.2013 13:47, Alexander Holler wrote:
On 07.11.2013 12:16, Dave Cridland wrote:
On Wed, Nov 6, 2013 at 8:02 PM, Alexander Holler
<[email protected]> wrote:

Not exactly the same, but I don't like the part
"or require cipher suites that enable forward secrecy"
for the same reason. OpenSSL 1.x isn't around that long, and there are
still many systems which do use e.g. Debian squeeze. And I assume the
state of OpenSSL on other "stable" systems like e.g. SLES or RHEL isn't
much better (but that's just an assumption from me).

I hate to say it, but... If the TLS implementation you're using in
production isn't sufficient, then trying to change what "sufficient"
means is probably not the right approach.

I didn't speak about production environments. The manifesto affects all
users and a lot of them don't (have to) care about production environments.
E.g. my server only has to serve my needs and nobody else's. So I can
make a lot of compromises, up to the fact that I don't care if the NSA
or GCHQ would be dumb enough to snoop on my communications which happen
over my XMPP server (which isn't that much).
But I care if my server wouldn't be able to communicate with other
servers because they require e.g. TLSv1.2.
So, please, don't interpret that such that I don't care for production
environments. I'm just able to differentiate between a production
environment and an environment with much less stringent requirements.
I'm pretty aware of the different requirements.

Besides that, Debian squeeze EOL seems to be February 2014, so until
then I will have updated my little server. So my XMPP server on my
Debian server will then have the pleasure to be able to use OpenSSL 1.x
without any additional effort on my side. So at least the problem with
missing TLSv1.2 support will be gone for me until then without me having
to spend production-like resources right now (ok, I still have to make
the update, but that is already scheduled in my resource planning for my
little server). Unfortunately I can't spend as many resources on my
little server as I'm able to do for production environments.

Regards,
Alexander Holler