Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 22 Jul 2015 14:16:27 +0200
From: Markus Vervier <markus.vervier@...xperts.de>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request: AWS s2n


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 15.07.2015 03:57, MacCarthaigh, Colm wrote:
> like our first cut. That restriction also means that we’re not seeing any production usage from
downstream adopters, or downstream packaging. I’m not aware of anyone
using s2n as a client.

Hi Colm,

thx for the long explanation, I see your point. I just have to add that
I would recommend to not compile client mode code regarded as
insecure/unstable into the library by default. Even if somewhat guarded
by an environment variable.

Markus

- -- 
Markus Vervier (IT Security Consultant and Software Developer),
http://www.lsexperts.de
LSE Leading Security Experts GmbH, Postfach 100121, 64201 Darmstadt
Tel.: +49 (0) 6151 86086-261, Fax: -299,
Unternehmenssitz: Weiterstadt, Amtsgericht Darmstadt: HRB8649
Geschäftsführer: Oliver Michel, Sven Walther
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJVr4mLAAoJEK9u9A5+VXgeqEUIALhFsuAm/Owzv7JhIPzuJYjn
nWibQowQq2/x5CcQ+woqoTxqQOLLcV9Ajr07MEYf3st0SMb+NM6E6NI/1nJiAxIZ
bNBOkPoMbf+GqvFWDpuLAYcKgpD9+12X26oESX8ccIjMk7n214SUI8GKB7YcOBSM
JoWzDIGcjxP9WdhhsHtsAhibHDVV6+I89HnMFbyIGsoCP2xysW8O96dh2IGJ2SWa
dF3Yfve6FcaBIUMDvr3Ye7Gge3aoG1TIUpvqdQ31pLX+ZcUADQHfU7ohOxNO/HkM
smMES7hMoWJo20hFggKsxDswHidw3tAixVcSUMcvBl6q5xW1i70mlWdJjONEtVA=
=H0Wz
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ