Re: Do we really want to have the legacy provider as opt-in only?

2019-07-15 Thread Tomas Mraz
On Mon, 2019-07-15 at 16:25 +0200, Richard Levitte wrote: > On Mon, 15 Jul 2019 16:15:01 +0200, > Tomas Mraz wrote: > > So saying this is "just recompliation and configuration change" is > > at least somewhat oversimplified. > > > > But I am OK with that. I'm just saying it should be better > >

Re: Do we really want to have the legacy provider as opt-in only?

2019-07-15 Thread Salz, Rich
>>DSA > > What is the cryptographic weakness of DSA that you are avoiding? It's a good question. I don't recall the specific reason why that was added to the list. Perhaps others can comment. The only weakness I know about is that if you re-use the nonce, the

Re: Do we really want to have the legacy provider as opt-in only?

2019-07-15 Thread Richard Levitte
On Mon, 15 Jul 2019 16:15:01 +0200, Tomas Mraz wrote: > > So saying this is "just recompliation and configuration change" is > at least somewhat oversimplified. > > But I am OK with that. I'm just saying it should be better advertised > and that internally openssl should not use the "load legacy

Re: Do we really want to have the legacy provider as opt-in only?

2019-07-15 Thread Matt Caswell
On 15/07/2019 15:15, Tomas Mraz wrote: > On Mon, 2019-07-15 at 14:48 +0100, Matt Caswell wrote: >> >> On 15/07/2019 14:43, Tomas Mraz wrote: >>> On Mon, 2019-07-15 at 14:19 +0100, Matt Caswell wrote: On 15/07/2019 13:58, Tomas Mraz wrote: > IMO this is a major release and

Re: Do we really want to have the legacy provider as opt-in only?

2019-07-15 Thread Tomas Mraz
On Mon, 2019-07-15 at 14:48 +0100, Matt Caswell wrote: > > On 15/07/2019 14:43, Tomas Mraz wrote: > > On Mon, 2019-07-15 at 14:19 +0100, Matt Caswell wrote: > > > On 15/07/2019 13:58, Tomas Mraz wrote: > > > > > > > IMO this is a major release and therefore we should be taking the > > >

Re: Do we really want to have the legacy provider as opt-in only?

2019-07-15 Thread Salz, Rich
>DSA What is the cryptographic weakness of DSA that you are avoiding?

Re: Do we really want to have the legacy provider as opt-in only?

2019-07-15 Thread Matt Caswell
On 15/07/2019 14:46, Salz, Rich wrote: > >>DSA > > What is the cryptographic weakness of DSA that you are avoiding? It's a good question. I don't recall the specific reason why that was added to the list. Perhaps others can comment. Matt

Re: Do we really want to have the legacy provider as opt-in only?

2019-07-15 Thread Matt Caswell
On 15/07/2019 14:43, Tomas Mraz wrote: > On Mon, 2019-07-15 at 14:19 +0100, Matt Caswell wrote: >> >> On 15/07/2019 13:58, Tomas Mraz wrote: >>> Hi everyone, >>> >>> if the Subject was already fully discussed and thought through then >>> please disregard this but otherwise I'd like this e-mail

Re: Do we really want to have the legacy provider as opt-in only?

2019-07-15 Thread Tomas Mraz
On Mon, 2019-07-15 at 14:19 +0100, Matt Caswell wrote: > > On 15/07/2019 13:58, Tomas Mraz wrote: > > Hi everyone, > > > > if the Subject was already fully discussed and thought through then > > please disregard this but otherwise I'd like this e-mail to be a > > starting point for discussion. >

Re: Do we really want to have the legacy provider as opt-in only?

2019-07-15 Thread Matt Caswell
On 15/07/2019 13:58, Tomas Mraz wrote: > Hi everyone, > > if the Subject was already fully discussed and thought through then > please disregard this but otherwise I'd like this e-mail to be a > starting point for discussion. > > I suppose the current intention is to make the legacy provider

Do we really want to have the legacy provider as opt-in only?

2019-07-15 Thread Tomas Mraz
Hi everyone, if the Subject was already fully discussed and thought through then please disregard this but otherwise I'd like this e-mail to be a starting point for discussion. I suppose the current intention is to make the legacy provider as opt- in only by either application explicitly loading