× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. July 2017

Re: SSL Cipher Support and V7R1... and so it begins

If as you say the foundation needed to add these ciphers was there and it was a 'straightforward effort' to add the new ciphers then I would fully expect IBM to review that. Perhaps in that case code written for i 7.2 might fit nicely into i 7.1 for example. In such a case I would not be surprised at all for IBM to PTF it in there.

I'm not trying to say that the instant they declare "Fix only" support that absolutely zero enhancements would ever be added. I am saying that adding these ciphers DOES constitute an enhancement, not a break-fix. As such IBM can say No to adding them. Because it potentially affects a large group though if it was easy I expect they would do it.

- Larry "DrFranken" Bolhuis

www.Frankeni.com
www.iDevCloud.com - Personal Development IBM i timeshare service.
www.iInTheCloud.com - Commercial IBM i Cloud Hosting.

On 7/11/2017 4:17 PM, John Yeung wrote:
On Tue, Jul 11, 2017 at 2:09 PM, DrFranken <midrange@xxxxxxxxxxxx> wrote:
Working as designed, yes. Does the design need updating? Perhaps it does and
if so, the program isn't broken, it merely needs a new version to address
new requirements.

OK. So you don't seem to want to even acknowledge that reasonable
people could disagree on when to use the word "fix". I'll cede that
dead horse to you, then.

Here's another articulation of why I feel put off when IBM (or its
advocates) invoke the "we'll only do fixes" rationale. And before I
get too far, I know people either are just joining in or have
completely forgotten what was written previously, so I'll repeat:

I believe IBM is completely justified in not adding the new ciphers to
7.1. That's not a point of contention for me.

Rob pointed out what I consider very good justification:

"And, once again, if you read the what's new in 7.2 related to this
area you will find they added some underlying support to even allow
them to support the new ciphers. It was pervasive enough it couldn't
just be done with a PTF."

He also gave some links for further reading on why 7.2 is so much
better equipped for handling the new ciphers. It's pretty clear that
bringing 7.1 "up to snuff" would require quite a lot of effort and
wouldn't be worth it at this late stage in 7.1's life cycle.

But let's imagine for a moment that 7.1's design were such that it
*would* be pretty easy to provide the new ciphers. Let's say it would
be a small project on IBM's part, and patching 7.1 would require just
one PTF. Would IBM provide the PTF then?

If IBM offers extra-cost extended maintenance (I am not sure if IBM is
doing this for 7.1, but for this exercise, let's pretend they are),
would the PTF at least be made available to those who are paying
(perhaps through the nose) for the extended maintenance?

What bugs me is that the "we'll only do fixes, and this is not a fix"
policy means that even if it were easy and cheap, and even potentially
profitable for IBM, they *still* wouldn't provide the new ciphers. On
the grounds that they don't *call* it a fix, no matter what the
security community or loyal, paying customers might think.

John Y.


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.