- From: <Frederick.Hirsch@nokia.com>
- Date: Tue, 14 Feb 2012 12:57:00 +0000
- To: <public-xmlsec@w3.org>
- CC: <Frederick.Hirsch@nokia.com>, <mnystrom@microsoft.com>, <cantor.2@osu.edu>
Is anyone in a position to contribute GCM implementation source to the OpenSSL community?

regards, Frederick

Frederick Hirsch
Nokia

On Feb 13, 2012, at 10:38 PM, ext Cantor, Scott wrote:

> On 2/13/12 10:23 PM, "Magnus Nystrom" <mnystrom@microsoft.com> wrote:
>
>> Personally I believe GCM is the better long-term choice, I view RFC 6476
>> as a pragmatic solution but essentially a stop-gap. I cannot tell if
>> there is the possibility of a timing attack and this alone makes me
>> concerned. Additionally, if XML Sec 1.1 requires GCM I expect to see
>> uptake of that mode.
>
> OpenSSL isn't going to support GCM sooner because of XML specs. It's
> effectively off the table for me for a decade thanks to RH6 unless I
> implement it from scratch myself. I don't think non-cryptographers like me
> implementing algorithms outside the core libraries like OpenSSL is really
> a direction that leads to better security outcomes.
>
>> Finally, I'd really (like all of us, I think) like to see this effort
>> reach the goal line and if we keep doing modifications I fear that we'll
>> just move it out even further.
>
> I have no expectation of supporting it with GCM, so for me it's moot when
> it happens to complete.
>
> I also am not seeing any sign that GCM is going to be the initial solution
> for the JOSE work, for essentially the same reason. Lots of scripty
> implementations of things use OpenSSL underneath, so they're hobbled by
> the same limitation I am.
>
> -- Scott
>
Received on Tuesday, 14 February 2012 12:57:37 UTC
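The thread above weighs AES-GCM against a MAC-based stop-gap and raises the question of timing attacks on the latter. The following is an added example, not code from the thread, from OpenSSL or from any XML Security implementation, showing what the GCM option looks like in practice using Go's standard library (which, unlike the OpenSSL builds Scott describes, ships GCM). It assumes the IV || ciphertext || tag layout with a 96-bit IV and 128-bit tag that XML Encryption 1.1 defines for AES-GCM; the key, associated data and plaintext are constructed for the demo. The point it demonstrates: every bit flip in the IV, ciphertext, tag or associated data is rejected before any plaintext is released, and the tag comparison is done in constant time by the library, so there is no separate MAC-compare step for an implementer to get wrong.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Assumed wire layout (XML Encryption 1.1 AES-GCM CipherValue):
//   IV (96 bits) || ciphertext || tag (128 bits)
const ivLen = 12

// newGCM builds an AES-GCM AEAD for a 16, 24 or 32 byte key (AES-128/192/256).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block) // 96-bit nonce, 128-bit tag
}

// Seal encrypts plaintext and binds aad (e.g. the EncryptedData element's
// Id and algorithm attributes) into the tag. A fresh random IV is prepended
// so the receiver can recover it; never reuse an IV under the same key.
func Seal(key, aad, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, ivLen)
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	// gcm.Seal appends ciphertext||tag to dst; passing iv as dst yields IV||C||T.
	return gcm.Seal(iv, iv, plaintext, aad), nil
}

// Open verifies the tag and decrypts. gcm.Open compares the tag in constant
// time and returns an error, not partial plaintext, on any mismatch.
func Open(key, aad, msg []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(msg) < ivLen+gcm.Overhead() {
		return nil, errors.New("message too short to hold IV and tag")
	}
	return gcm.Open(nil, msg[:ivLen], msg[ivLen:], aad)
}

// FlipBit returns a copy of msg with bit i (counted from byte 0, LSB first)
// inverted, simulating a one-bit modification in transit.
func FlipBit(msg []byte, i int) []byte {
	out := append([]byte(nil), msg...)
	out[i/8] ^= 1 << uint(i%8)
	return out
}

func main() {
	key := []byte("0123456789abcdef") // constructed AES-128 demo key
	aad := []byte(`EncryptedData Id="ed1"`)
	pt := []byte("<card>4111 1111 1111 1111</card>")

	ct, err := Seal(key, aad, pt)
	if err != nil {
		panic(err)
	}
	if got, err := Open(key, aad, ct); err != nil || string(got) != string(pt) {
		panic("round trip failed")
	}
	// Each of these must fail authentication rather than yield garbled plaintext.
	_, errIV := Open(key, aad, FlipBit(ct, 0))                // IV bit
	_, errCT := Open(key, aad, FlipBit(ct, 8*ivLen+3))        // ciphertext bit
	_, errTag := Open(key, aad, FlipBit(ct, 8*(len(ct)-1)))   // tag bit
	_, errAAD := Open(key, []byte(`EncryptedData Id="ed2"`), ct) // wrong AAD
	fmt.Println(errIV != nil, errCT != nil, errTag != nil, errAAD != nil) // true true true true
}
```

The length check in Open matters: GCM with a 96-bit IV fixes the tag at 16 bytes, and slicing a too-short message would otherwise panic instead of returning a clean authentication failure.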