removing bdes..

Slawa Olhovchenkov slw at zxy.spb.ru
Tue Feb 10 22:37:39 UTC 2015


On Tue, Feb 10, 2015 at 02:18:34PM -0800, Xin Li wrote:

> On 02/10/15 12:39, Slawa Olhovchenkov wrote:
> > Does bdes have an exploit? Or does it have bad code (mktmp, fgets)? openssl (with
> > strong encryption algorithms) is full of known exploits.
> 
> bdes(1) is known broken for certain (rare) encryption modes:
> 
> 	https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=149412

Good points, thanks.

> And nobody cared.

I need to understand FreeBSD team policy.
Before this none will be removed from base.
Removed because it is broken and nobody cares -- I fully appreciate that.
Removed because it implements a weak algorithm -- I dislike this: the next
step is to remove anything unencrypted and to break compatibility and
interoperability (like LibreSSL breaking LANMAN hash support in
OpenLDAP).

> Its functionality can be implemented using openssl's command line

[not a bdes advocate] Has compatibility been tested?
(And yes, I do not use bdes, I am only asking for protocol).

> utility, and keep in mind that's an obsolete standard for many years
> anyways.

[not a bdes advocate] Somebody may have a very old archive and need to
access it.

> We don't want to keep multiple implementations of the same cryptographic
> functionality anyways, it's just bad regardless if they are obsolete
> or not, and bdes(1) has shown exactly why it's bad.

Yes, I see.


More information about the freebsd-arch mailing list