[gnutls-devel] GnuTLS | Clarify plans for gost implementation (#942)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Fri Feb 21 08:57:17 CET 2020
Niels Möller commented:
About Nettle, my thinking is that there's no harm in having support for some weak/broken/untrusted algorithms. And that it's the library or application that does algorithm selection that is responsible for only using appropriate algorithms. Besides gosthash, we have MD4, single DES, ... Those should be used only when required for interop with old stuff.
Gost ecc curves are perhaps a different matter, since they appear to meet current security requirements (unless one suspects parameters have been doctored in some clever way), and it therefore seems more likely that applications may want to support them by default. E.g., if you see an x.509 cert mentioning a public GOST DSA key, should you refuse to use it? If you don't trust the judgement of the CA that issues certs for GOST DSA keys, you probably shouldn't rely on that CA at all. And there may be other use cases, e.g., DH exchange using GOST curves. I don't have the full picture. But the choice is still fully under control of the library or application that uses Nettle.
For Gnutls, having support for gost curves disabled by default seems like a reasonable and conservative choice to me. When are gost curves used? TLS connections to government web servers? Client certs only, or also server certs?
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/942#note_292097250
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnutls-devel