On 2016-02-13 05:09 PM, Ryan Harper wrote:
> On Sat, Feb 13, 2016 at 12:27 PM, mrq1 <email address hidden> wrote:
>
>> great! starts now :-)
>>
>> what about the chapoly plugin? can you enable it in the extra package?
>> it would be very important for me!
>>
>
> I can look at enabling it. It's new in 5.3.5.
+1
ChaCha20/Poly1305 actually made it in 5.3.3 [1] and I haven't heard of
any problem on the mailing list.
> If enabled, can you test and confirm it works?
I too would be glad to give it a spin and report about it.
Indeed! Chacha20 and Poly1305 are cool and getting quite some traction
these days [2].
> Comments here in the Debian bug indicate that this requires at least 4.2
> kernel.
For the IKE part, the kernel version shouldn't matter. For the ESP part,
you indeed need a recent kernel or you can always use the userspace
implementation (libipsec).
libipsec support is very cool (thanks for enabling it!) as it should
allow running a IPsec in containers.
The reporter was looking for NTRU (enabled in your PPA build IIRC) and
BLISS. That said, I'm sure the reporter would welcome having another
AEAD cipher available because they are well regarded [3] in terms of
security.
On 2016-02-13 05:09 PM, Ryan Harper wrote:
> On Sat, Feb 13, 2016 at 12:27 PM, mrq1 <email address hidden> wrote:
>
>> great! starts now :-)
>>
>> what about the chapoly plugin? can you enable it in the extra package?
>> it would be very important for me!
>>
>
> I can look at enabling it. It's new in 5.3.5.
+1
ChaCha20/Poly1305 actually made it in 5.3.3 [1] and I haven't heard of
any problem on the mailing list.
> If enabled, can you test and confirm it works?
I too would be glad to give it a spin and report about it.
> Looks like something quite interesting. /en.wikipedia. org/wiki/ Poly1305
> https:/
Indeed! Chacha20 and Poly1305 are cool and getting quite some traction
these days [2].
> Comments here in the Debian bug indicate that this requires at least 4.2
> kernel.
For the IKE part, the kernel version shouldn't matter. For the ESP part,
you indeed need a recent kernel or you can always use the userspace
implementation (libipsec).
libipsec support is very cool (thanks for enabling it!) as it should
allow running a IPsec in containers.
> For Xenial, this will be sufficient I suppose. /bugs.debian. org/cgi- bin/bugreport. cgi?bug= 803787
>
> https:/
The reporter was looking for NTRU (enabled in your PPA build IIRC) and
BLISS. That said, I'm sure the reporter would welcome having another
AEAD cipher available because they are well regarded [3] in terms of
security.
Thanks,
Simon
1: https:/ /wiki.strongswa n.org/versions/ 58 /en.wikipedia. org/w/index. php?title= Salsa20& redirect= no#ChaCha20_ adoption /www.imperialvi olet.org/ 2015/05/ 16/aeads. html
2:
https:/
3: https:/