[gnutls-dev] Time-based release schedule and GnuTLS v2.2 plans
Yoshisato YANAGISAWA
yanagisawa at csg.is.titech.ac.jp
Wed Sep 19 10:12:29 CEST 2007
Simon Josefsson wrote:
>> Does somebody know an autoconf-option to check ciphers supported by
>> libgcrypt?
>
> It would not be fool-proof, so I suggest that only a warning is given in
> case the test fails, but the following test could work:
>
> libgcrypt-config --algorithms | grep -i camellia
>
> What do you think?
It seems to be premature to directly write code adding support for
camellia. I will insert "#ifdef USE_CAMELLIA" to the source code.
> I don't think we can require libgcrypt 1.3.0+ yet. Perhaps configure
> could disable camellia support if a sufficient recent libgcrypt is not
> detected?
OK, I will change the script to disable camellia when the result of
"libgcrypt --algorithms" don't have camellia. Code in configure script
will be:
if test "`$LIBGCRYPT_CONFIG --algorithms | grep -i camellia`"; then
CFLAGS += -DUSE_CAMELLIA
else
echo "$as_me: WARNING: camellia feature disabled" >& 2
fi
Do you think switch on and off by #ifdef in source code is good idea?
> Btw, in gnutls_priority.c, the cipher_priority array is intended to be
> sorted by preference. I believe it is too early to prefer Camellia over
> AES and even 3DES by default today. Preferring Camellia over Arcfour
> may be a good idea though, we don't want to recommend arcfour to anyone.
> So please move camellia down a bit in the cipher_priority array.
> Opinions on this choice from others is very welcome.
I also move camellia down between 3DES and Arcfour. However, after
camellia will have been diffused, it should be preferred over 3DES.
According to the European NESSIE, 3DES is not recommended block cipher.
Since camellia has a higher security margin than AES, it could be
preferred over AES in the future.
Thank you,
Yoshisato YANAGISAWA.
More information about the Gnutls-dev
mailing list