tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Proposal: Remove MKCRYPTO_RC5

It is hard to imagine that anyone cares about RC5 today:

- It predates AES.  (Its successor, RC6, was an AES finalist.)
- It is used in no major internet protocols to my knowledge, except
maybe IPsec -- but our kernel obviously doesn't support it there.
- It has no advantages over other choices of block cipher, e.g. AES.
- It is (still!) patented in the United States, so it has only ever
been a default-off option that we go to extra work to implement.
- It is not used anywhere in the base system outside OpenSSL.

I'm also not sure anyone tests MKCRYPTO_RC5=yes.

So I would like to remove MKCRYPTO_RC5 and unconditionally omit RC5
from our OpenSSL build.  If you really want RC5 in OpenSSL, you can
still get it from pkgsrc or from a custom OpenSSL build.

Unless anyone objects before Friday next week, I will remove the
MKCRYPTO_RC5 option.

Home | Main Index | Thread Index | Old Index