[gnutls-dev] Time-based release schedule and GnuTLS v2.2 plans
simon at josefsson.org
Wed Sep 19 13:06:34 CEST 2007
Yoshisato YANAGISAWA <yanagisawa at csg.is.titech.ac.jp> writes:
> Simon Josefsson wrote:
>>> Does somebody know an autoconf-option to check ciphers supported by
>> It would not be fool-proof, so I suggest that only a warning is given in
>> case the test fails, but the following test could work:
>> libgcrypt-config --algorithms | grep -i camellia
>> What do you think?
> It seems to be premature to directly write code adding support for
> camellia. I will insert "#ifdef USE_CAMELLIA" to the source code.
Sounds good, although please use ENABLE_CAMELLIA to match the existing
>> I don't think we can require libgcrypt 1.3.0+ yet. Perhaps configure
>> could disable camellia support if a sufficient recent libgcrypt is not
> OK, I will change the script to disable camellia when the result of
> "libgcrypt --algorithms" don't have camellia. Code in configure script
> will be:
> if test "`$LIBGCRYPT_CONFIG --algorithms | grep -i camellia`"; then
> CFLAGS += -DUSE_CAMELLIA
> echo "$as_me: WARNING: camellia feature disabled" >& 2
> Do you think switch on and off by #ifdef in source code is good idea?
Yes. I'm assuming you use AC_DEFINE(ENABLE_CAMELLIA, 1, ...) and not
modifying CFLAGS directly
>> Btw, in gnutls_priority.c, the cipher_priority array is intended to be
>> sorted by preference. I believe it is too early to prefer Camellia over
>> AES and even 3DES by default today. Preferring Camellia over Arcfour
>> may be a good idea though, we don't want to recommend arcfour to anyone.
>> So please move camellia down a bit in the cipher_priority array.
>> Opinions on this choice from others is very welcome.
> I also move camellia down between 3DES and Arcfour.
Sounds good to me.
> However, after camellia will have been diffused, it should be
> preferred over 3DES. According to the European NESSIE, 3DES is not
> recommended block cipher. Since camellia has a higher security margin
> than AES, it could be preferred over AES in the future.
We'll leave that decision to later.
More information about the Gnutls-devel