Re: [openssl-users] Case-sensitive cipher names are a bad idea

2015-01-17 Thread Steven J. Hathaway
On 8/15/2014 10:10 PM, Jeffrey Walton wrote: On Sat, Aug 16, 2014 at 12:08 AM, wrote: ... Even today with Unicode character set families, the ability to provide a global case-independent mapping becomes a massive problem. There are a variety of latin-like alphabets and greek alphabets, and eve

Re: Case-sensitive cipher names are a bad idea

2014-08-15 Thread Jeffrey Walton
On Sat, Aug 16, 2014 at 12:08 AM, wrote: >> ... > Even today with Unicode character set families, the ability to provide > a global case-independent mapping becomes a massive problem. There are > a variety of latin-like alphabets and greek alphabets, and even > IBM EBCDIC encodings that are much

Re: Case-sensitive cipher names are a bad idea

2014-08-15 Thread shathawa
> Does ANYONE think that case-sensitive cipher names are good idea? > > Someone who types TLSV1:RC4-MD5 will find things working, but is likely to > be surprised by how weakly-protected they are. > > /r$ > > -- > Principal Security Engineer > Akamai Technologies, Cambridge MA > IM:

RE: Case-sensitive cipher names are a bad idea

2014-08-15 Thread Salz, Rich
> Well, one problem is that "strcasecmp" is not in the Standard C Library, and > in > fact is illegal, because external identifiers beginning with "str" are > reserved to > the implementation. Openssl already handles that, thanks. > That said, I agree that case-insensitive comparison would be a

RE: Case-sensitive cipher names are a bad idea

2014-08-15 Thread Michael Wojcik
jcik Technology Specialist, Micro Focus > -Original Message- > From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > us...@openssl.org] On Behalf Of Salz, Rich > Sent: Friday, 15 August, 2014 14:36 > To: openssl-users@openssl.org > Subject: RE: Case-sensitive ciph

RE: Case-sensitive cipher names are a bad idea

2014-08-15 Thread Salz, Rich
> The case makes some things more clear: I never said it didn't. > There are lots of other ways to typo the input string. Yup, but saying TLSV1 won't work while TLSv1 does work is silly. > Perhaps there are currently no collisions, and case folding is likely safe, > but I > don't really see m

Re: Case-sensitive cipher names are a bad idea

2014-08-15 Thread Viktor Dukhovni
On Fri, Aug 15, 2014 at 11:43:51AM -0400, Salz, Rich wrote: > Does ANYONE think that case-sensitive cipher names are good idea? > > Someone who types TLSV1:RC4-MD5 will find things working, but is > likely to be surprised by how weakly-protected they are. The case makes some things more clear:

Re: Case-sensitive cipher names are a bad idea

2014-08-15 Thread Walter H.
Hello On 15.08.2014 17:43, Salz, Rich wrote: Does ANYONE think that case-sensitive cipher names are good idea? this is a bad idea; or can you explain the difference between tlsv1:rc4-md5 and TLSV1:RC4-MD5? Someone who types TLSV1:RC4-MD5 will find things working, but is likely to be surp

Case-sensitive cipher names are a bad idea

2014-08-15 Thread Salz, Rich
Does ANYONE think that case-sensitive cipher names are good idea? Someone who types TLSV1:RC4-MD5 will find things working, but is likely to be surprised by how weakly-protected they are. /r$ -- Principal Security Engineer Akamai Technologies, Cambridge MA IM: rs...@jabber.me