For the sake of brevity I’ll answer to only some of your points (that I consider relevant to my views or work).
On 8/10/15, 5:44 , "openssl-dev on behalf of David Woodhouse" <[email protected] on behalf of [email protected]> wrote: >UEFI is widely mocked for how bloated it is, given that the job of a sane >firmware is to boot the operating as quickly as possible and then get the >hell out of the way. Yes. But skimping on security features is not a good way to deal with software/firmware bloat. And again, attacks on this layer are increasing in quantity and sophistication. The current protection mechanisms appear insufficient. Draw your own conclusions. >You seem to be suggesting that we build in some cryptographic >functionality that we admit we have no *idea* how we could sensibly use >it, and also build in various extended math library routines that are >currently unneeded but would need a whole bunch of pain for different >GCC/MSVC/LLVM toolchains and ABIs... just in case we one day work out how >we might use it. All that for just one attribute? Of a certificate that you already have to deal with? I’m missing something, or you’re not correct.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
