[gnutls-dev] Time-based release schedule and GnuTLS v2.2 plans

Simon Josefsson simon at josefsson.org
Wed Sep 19 13:06:34 CEST 2007


Yoshisato YANAGISAWA <yanagisawa at csg.is.titech.ac.jp> writes:

> Simon Josefsson wrote:
>>> Does somebody know an autoconf-option to check ciphers supported by
>>> libgcrypt?
>> 
>> It would not be fool-proof, so I suggest that only a warning is given in
>> case the test fails, but the following test could work:
>> 
>>  libgcrypt-config --algorithms | grep -i camellia
>> 
>> What do you think?
>
> It seems to be premature to directly write code adding support for 
> camellia.  I will insert "#ifdef USE_CAMELLIA" to the source code.

Sounds good, although please use ENABLE_CAMELLIA to match the existing
style.

>> I don't think we can require libgcrypt 1.3.0+ yet.  Perhaps configure
>> could disable camellia support if a sufficient recent libgcrypt is not
>> detected?
>
> OK, I will change the script to disable camellia when the result of 
> "libgcrypt --algorithms" don't have camellia.  Code in configure script 
> will be:
>
>      if test "`$LIBGCRYPT_CONFIG --algorithms | grep -i camellia`"; then
>      	CFLAGS += -DUSE_CAMELLIA
>      else
>      	echo "$as_me: WARNING: camellia feature disabled" >& 2
>      fi
>
> Do you think switch on and off by #ifdef in source code is good idea?

Yes.  I'm assuming you use AC_DEFINE(ENABLE_CAMELLIA, 1, ...) and not
modifying CFLAGS directly

>> Btw, in gnutls_priority.c, the cipher_priority array is intended to be
>> sorted by preference.  I believe it is too early to prefer Camellia over
>> AES and even 3DES by default today.  Preferring Camellia over Arcfour
>> may be a good idea though, we don't want to recommend arcfour to anyone.
>> So please move camellia down a bit in the cipher_priority array.
>> Opinions on this choice from others is very welcome.
>
> I also move camellia down between 3DES and Arcfour.

Sounds good to me.

> However, after camellia will have been diffused, it should be
> preferred over 3DES.  According to the European NESSIE, 3DES is not
> recommended block cipher.  Since camellia has a higher security margin
> than AES, it could be preferred over AES in the future.

We'll leave that decision to later.

/Simon




More information about the Gnutls-devel mailing list