Re: Last Call for "XML Encryption 1.1", "XML Encryption 1.1 CipherReference Processing using 2.0 Transforms" to end this Thursday 16 Feb

Is anyone in a position to contribute GCM implementation source to the OpenSSL community?

regards, Frederick

Frederick Hirsch
Nokia

On Feb 13, 2012, at 10:38 PM, ext Cantor, Scott wrote:

> On 2/13/12 10:23 PM, "Magnus Nystrom" <mnystrom@microsoft.com> wrote:
> 
>> Personally I believe GCM is the better long-term choice, I view RFC 6476
>> as a pragmatic solution but essentially a stop-gap. I cannot tell if
>> there is the possibility of a timing attack and this alone makes me
>> concerned.  Additionally, if XML Sec 1.1 requires GCM I expect to see
>> uptake of that mode.
> 
> OpenSSL isn't going to support GCM sooner because of XML specs. It's
> effectively off the table for me for a decade thanks to RH6 unless I
> implement it from scratch myself. I don't think non-cryptographers like me
> implementing algorithms outside the core libraries like OpenSSL is really
> a direction that leads to better security outcomes.
> 
>> Finally, I'd really (like all of us, I think) like to see this effort
>> reach the goal line and if we keep doing modifications I fear that we'll
>> just move it out even further.
> 
> I have no expectation of supporting it with GCM, so for me it's moot when
> it happens to complete.
> 
> I also am not seeing any sign that GCM is going to be the initial solution
> for the JOSE work, for essentially the same reason. Lots of scripty
> implementations of things use OpenSSL underneath, so they're hobbled by
> the same limitation I am.
> 
> -- Scott
> 

Received on Tuesday, 14 February 2012 12:57:37 UTC