tech-security archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Proposal: Remove MKCRYPTO_RC5
It is hard to imagine that anyone cares about RC5 today:
- It predates AES. (Its successor, RC6, was an AES finalist.)
- It is used in no major internet protocols to my knowledge, except
maybe IPsec -- but our kernel obviously doesn't support it there.
- It has no advantages over other choices of block cipher, e.g. AES.
- It is (still!) patented in the United States, so it has only ever
been a default-off option that we go to extra work to implement.
- It is not used anywhere in the base system outside OpenSSL.
I'm also not sure anyone tests MKCRYPTO_RC5=yes.
So I would like to remove MKCRYPTO_RC5 and unconditionally omit RC5
from our OpenSSL build. If you really want RC5 in OpenSSL, you can
still get it from pkgsrc or from a custom OpenSSL build.
Unless anyone objects before Friday next week, I will remove the
MKCRYPTO_RC5 option.
Home |
Main Index |
Thread Index |
Old Index