[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [gnutls-dev] Time-based release schedule and GnuTLS v2.2 plans
From: |
Simon Josefsson |
Subject: |
Re: [gnutls-dev] Time-based release schedule and GnuTLS v2.2 plans |
Date: |
Wed, 19 Sep 2007 13:06:34 +0200 |
User-agent: |
Gnus/5.110007 (No Gnus v0.7) Emacs/22.1 (gnu/linux) |
Yoshisato YANAGISAWA <address@hidden> writes:
> Simon Josefsson wrote:
>>> Does somebody know an autoconf-option to check ciphers supported by
>>> libgcrypt?
>>
>> It would not be fool-proof, so I suggest that only a warning is given in
>> case the test fails, but the following test could work:
>>
>> libgcrypt-config --algorithms | grep -i camellia
>>
>> What do you think?
>
> It seems to be premature to directly write code adding support for
> camellia. I will insert "#ifdef USE_CAMELLIA" to the source code.
Sounds good, although please use ENABLE_CAMELLIA to match the existing
style.
>> I don't think we can require libgcrypt 1.3.0+ yet. Perhaps configure
>> could disable camellia support if a sufficient recent libgcrypt is not
>> detected?
>
> OK, I will change the script to disable camellia when the result of
> "libgcrypt --algorithms" don't have camellia. Code in configure script
> will be:
>
> if test "`$LIBGCRYPT_CONFIG --algorithms | grep -i camellia`"; then
> CFLAGS += -DUSE_CAMELLIA
> else
> echo "$as_me: WARNING: camellia feature disabled" >& 2
> fi
>
> Do you think switch on and off by #ifdef in source code is good idea?
Yes. I'm assuming you use AC_DEFINE(ENABLE_CAMELLIA, 1, ...) and not
modifying CFLAGS directly
>> Btw, in gnutls_priority.c, the cipher_priority array is intended to be
>> sorted by preference. I believe it is too early to prefer Camellia over
>> AES and even 3DES by default today. Preferring Camellia over Arcfour
>> may be a good idea though, we don't want to recommend arcfour to anyone.
>> So please move camellia down a bit in the cipher_priority array.
>> Opinions on this choice from others is very welcome.
>
> I also move camellia down between 3DES and Arcfour.
Sounds good to me.
> However, after camellia will have been diffused, it should be
> preferred over 3DES. According to the European NESSIE, 3DES is not
> recommended block cipher. Since camellia has a higher security margin
> than AES, it could be preferred over AES in the future.
We'll leave that decision to later.
/Simon
- [gnutls-dev] Time-based release schedule and GnuTLS v2.2 plans, Simon Josefsson, 2007/09/11
- Re: [gnutls-dev] Time-based release schedule and GnuTLS v2.2 plans, Florian Weimer, 2007/09/11
- Re: [gnutls-dev] Time-based release schedule and GnuTLS v2.2 plans, Yoshisato YANAGISAWA, 2007/09/11
- Re: [gnutls-dev] Time-based release schedule and GnuTLS v2.2 plans, Werner Koch, 2007/09/12
- Re: [gnutls-dev] Time-based release schedule and GnuTLS v2.2 plans, Simon Josefsson, 2007/09/17
- Re: [gnutls-dev] Time-based release schedule and GnuTLS v2.2 plans, Yoshisato YANAGISAWA, 2007/09/19
- Re: [gnutls-dev] Time-based release schedule and GnuTLS v2.2 plans,
Simon Josefsson <=
- Re: [gnutls-dev] Time-based release schedule and GnuTLS v2.2 plans, Andrew W. Nosenko, 2007/09/20
- Re: [gnutls-dev] Time-based release schedule and GnuTLS v2.2 plans, Simon Josefsson, 2007/09/20
- Re: [gnutls-dev] Time-based release schedule and GnuTLS v2.2 plans, Yoshisato YANAGISAWA, 2007/09/21
- Re: [gnutls-dev] Time-based release schedule and GnuTLS v2.2 plans, Yoshisato YANAGISAWA, 2007/09/21
- Re: [gnutls-dev] Time-based release schedule and GnuTLS v2.2 plans, Simon Josefsson, 2007/09/24
- Re: [gnutls-dev] Time-based release schedule and GnuTLS v2.2 plans, Werner Koch, 2007/09/20
Re: [gnutls-dev] Time-based release schedule and GnuTLS v2.2 plans, Simon Josefsson, 2007/09/19