Clarify plans for gost implementation
I am living in post-USSR country and know what political question "gost" is a part of. "Standards" related to gost are weak and partially proprietary, you can find more information about s-box genesis here for example. I won't provide more redundant information, but protection against gost support is a strong question for many people, not only for me.
ENABLE_GOST option disabled by default and everything is fine. But recent commits into
nettle breaks everything. Today gost is enabled by default in
I am sure that russian goverenment will keep integration of gost in other software and regular users like me won't be able to fight with it tomorrow. So I want to add same
IF_GOST flag for
nettle. If some software won't build with
openssl (with gost disabled) - i won't use it before removing mandatory gost support.
I've provided patch to Niels Möller (nettle developer) and he asked to clarify plans about gost implementation in
I don't know what the gnutls team's plans are for this option. From my perspective, as long as the gost ecc code in gnutls accesses nettle's ecc internals, not supported by the nettle abi, it's essentlial that gnutls' gost code isn't enabled by default and doesn't get into binary distributions. But that's not reason to keep the option if/when all the gost curves are suppported in nettle.
Please clarify plans for gost implementation. Thank you.