Re: [openssl-users] AssAccess was passed with no amendments

2018-12-17 Thread open...@foocrypt.net
Kyle Anyone in their rights minds understands the dangers with government key escrow systems and governments requesting back doors or delaying the remediation of existing zero days, local and remote exploits so that they can utilise them for their own intelligence or law enforcement purposes.

Re: [openssl-users] AssAccess was passed with no amendments

2018-12-16 Thread Kyle Hamilton
Getting the key for any given communication from OpenSSL is definitely doable if you're not using an engine. If you are using an engine, it may or may not be even possible. In any case, maintaining that key once you have it is definitely out of scope of OpenSSL. As an app developer subject to tha

Re: [openssl-users] AssAccess was passed with no amendments

2018-12-16 Thread openssl
Just in time for xmas, Second byte of T.O.L.A. via another P.J.C.I.S. @ https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/ReviewofTOLAAct > On

Re: [openssl-users] AssAccess was passed with no amendments

2018-12-14 Thread open...@foocrypt.net
Rather than going down the political or policy line, perhaps it may be prudent to discuss the technical solutions to testing the engine, regardless of the OS it is running on. How does one validate and test the engines during / after compile to ensure their ‘trust’ ? > On 15 Dec 2018, at 10:

Re: [openssl-users] AssAccess was passed with no amendments

2018-12-14 Thread Viktor Dukhovni
> On Dec 14, 2018, at 5:42 PM, bmeeke...@buckeye-express.com wrote: > > I simply wanted a clear statement so I can make an informed decision whether > or not I should use OpenSSL in future projects. I now have my answer. Thank > you. This is not the right forum for that question. The bill is

Re: [openssl-users] AssAccess was passed with no amendments

2018-12-14 Thread bmeeker51
Though you could infer my opinion, I was not trying to create a political debate as you allude. I'm sure many users would agree that the A&A bill is profoundly relevant and "on-topic" considering OpenSSL has an Australian developer. I simply wanted a clear statement so I can make an informed

Re: [openssl-users] AssAccess was passed with no amendments

2018-12-14 Thread Michael Wojcik
> On 2018-12-06 04:47, open...@foocrypt.net wrote: > > Does OpenSSL have a policy stance on government enforced back doors ? > > > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of bmeeke...@buckeye-express.com > Sent: Friday, December 14, 2018 13:25 > > the silence is d

Re: [openssl-users] AssAccess was passed with no amendments

2018-12-14 Thread bmeeker51
the silence is deafening On 2018-12-06 04:47, open...@foocrypt.net wrote: Does OpenSSL have a policy stance on government enforced back doors ? -- Regards, Mark A. Lane Cryptopocalypse NOW 01 04 2016 Volumes 0.0 -> 10.0 Now available through iTunes - iBooks @ https://itunes.apple.com/au/a

[openssl-users] AssAccess was passed with no amendments

2018-12-06 Thread open...@foocrypt.net
Does OpenSSL have a policy stance on government enforced back doors ? -- Regards, Mark A. Lane Cryptopocalypse NOW 01 04 2016 Volumes 0.0 -> 10.0 Now available through iTunes - iBooks @ https://itunes.apple.com/au/author/mark-a.-lane/id1100062966?mt=11 © Mark A. Lane 1980 - 2018, All Ri