Robert Moskowitz wrote: > > On 01/09/2014 05:28 PM, John R Pierce wrote: >> On 1/9/2014 2:20 PM, Eero Volotinen wrote: >>> It might be easier to compromise security of commercial products as >>> source code is not available. they seem to have succeeded in compromising >>>> STANDARDS and ALGORITHMS, to heck with implementations. > > Only algorithm they compromised was an RNG that got pretty strong thumbs > down from the real cryptographers. They have not compromised any IETF > standard; maybe kept quite about a problem, but have not put holes in > any. Most of our problems with TLS is implementations and backwards > compatiblity options. Not quite - anyone mandated to POSIX standards are effectively mandated to use the compromised algorithms, as I understand it. mark _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos