Re: Do we really want to have the legacy provider as opt-in only?

2019-07-16 Thread Kurt Roeckx
On Tue, Jul 16, 2019 at 03:06:28PM -0400, Viktor Dukhovni wrote: > On Mon, Jul 15, 2019 at 02:27:44PM +, Salz, Rich wrote: > > > >>DSA > > > > > > What is the cryptographic weakness of DSA that you are avoiding? > > > > It's a good question. I don't recall the

Re: Do we really want to have the legacy provider as opt-in only?

2019-07-16 Thread Viktor Dukhovni
On Mon, Jul 15, 2019 at 02:27:44PM +, Salz, Rich wrote: > >>DSA > > > > What is the cryptographic weakness of DSA that you are avoiding? > > It's a good question. I don't recall the specific reason why that was > added to > the list. Perhaps others can comment.

Re: Do we really want to have the legacy provider as opt-in only?

2019-07-16 Thread Matt Caswell
On 16/07/2019 19:19, Kurt Roeckx wrote: > On Mon, Jul 15, 2019 at 02:58:42PM +0200, Tomas Mraz wrote: >> Wouldn't it be better to make the legacy provider opt-out? I.E. require >> explicit configuration or explicit API call to not load the legacy >> provider. > > I'm not even sure why they

Re: Do we really want to have the legacy provider as opt-in only?

2019-07-16 Thread Kurt Roeckx
On Mon, Jul 15, 2019 at 02:58:42PM +0200, Tomas Mraz wrote: > Wouldn't it be better to make the legacy provider opt-out? I.E. require > explicit configuration or explicit API call to not load the legacy > provider. I'm not even sure why they need to move to a different provider (at this time).