[Bug 1535951] Re: Please merge strongswan 5.3.5-1 (main) from Debian unstable (main)
Simon Déziel
1535951 at bugs.launchpad.net
Sun Feb 14 01:51:29 UTC 2016
On 2016-02-13 05:09 PM, Ryan Harper wrote:
> On Sat, Feb 13, 2016 at 12:27 PM, mrq1 <tempusfugit991 at gmail.com> wrote:
>
>> great! starts now :-)
>>
>> what about the chapoly plugin? can you enable it in the extra package?
>> it would be very important for me!
>>
>
> I can look at enabling it. It's new in 5.3.5.
+1
ChaCha20/Poly1305 actually made it in 5.3.3 [1] and I haven't heard of
any problem on the mailing list.
> If enabled, can you test and confirm it works?
I too would be glad to give it a spin and report about it.
> Looks like something quite interesting.
> https://en.wikipedia.org/wiki/Poly1305
Indeed! Chacha20 and Poly1305 are cool and getting quite some traction
these days [2].
> Comments here in the Debian bug indicate that this requires at least 4.2
> kernel.
For the IKE part, the kernel version shouldn't matter. For the ESP part,
you indeed need a recent kernel or you can always use the userspace
implementation (libipsec).
libipsec support is very cool (thanks for enabling it!) as it should
allow running a IPsec in containers.
> For Xenial, this will be sufficient I suppose.
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803787
The reporter was looking for NTRU (enabled in your PPA build IIRC) and
BLISS. That said, I'm sure the reporter would welcome having another
AEAD cipher available because they are well regarded [3] in terms of
security.
Thanks,
Simon
1: https://wiki.strongswan.org/versions/58
2:
https://en.wikipedia.org/w/index.php?title=Salsa20&redirect=no#ChaCha20_adoption
3: https://www.imperialviolet.org/2015/05/16/aeads.html
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to strongswan in Ubuntu.
https://bugs.launchpad.net/bugs/1535951
Title:
Please merge strongswan 5.3.5-1 (main) from Debian unstable (main)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1535951/+subscriptions
More information about the Ubuntu-server-bugs
mailing list