David Champion wrote: > * On 03 Feb 2015, Kevin J. McCarthy wrote: > > > > > > see > > > http://en.wikipedia.org/wiki/Data_Encryption_Standard#Security_and_cryptanalysis > > > > > > I'm attaching a patch that instead creates a default of "aes256". > > > > I have no problem with this, but let's just poll the list first. Does > > anyone have a problem with setting the default smime algorithm to > > aes256? > > In principle no. The main consideration with this kind of change > is whether the new default is available to the currently supported > installed base. (E.g. if we "support" fedora 12 and fedora 12's openssl > doesn't have aes256, then there's a problem.) I don't think that there > are any actual issues here, but that's the underlying question I think. > > So +0, +1 if it's certain that aes256 is pretty much universal at this > point.
Hi David, Thanks for your input! I did do a little searching around. In the openssl changelog for 0.9.7 [31 Dec 2002]: https://www.openssl.org/news/changelog.html it mentions Rijndael and aes a few times. I also found a ticket from 2/2004: https://rt.openssl.org/Ticket/Display.html?id=834&user=guest&pass=guest that indicates the -aes256 flag was already supported back then. I can't say for certain that it's universal at this point though, as I haven't really paid much attention on openssl up to this point! :-) So unless someone can proclaim that with certainty, I'll just push the des3 default in a few days. At least the other options are documented and people can adjust as they see fit. -Kevin
signature.asc
Description: PGP signature
