From: Romano <unobe@cpan.org>
To: 9front@9front.org,cinap_lenrek@felloff.net
Subject: Re: [9front] [PATCH] ssh.c algorithm negotiation + ssh-dss key exchange
Date: Sat, 13 Jun 2020 00:18:36 +0000 [thread overview]
Message-ID: <5197783A-91DD-40F7-AAAC-97D58E6DAA6D@cpan.org> (raw)
In-Reply-To: <46EAF705F4A303B4565307D8950670A3@felloff.net>
Thanks Cinap!
We discussed a bit on irc, but wanted to thank you again for your feedback. RFC8709 is now published for ssh-ed25519. My comment was indicating that while 3des-cbc is required, I haven't seen it supported. And I meant to imply chacha20-poly1305 as the stronger algorithm implied by the RFC.
On June 12, 2020 10:58:41 PM UTC, cinap_lenrek@felloff.net wrote:
>no. we'r not going to bring back dsa from the grave.
>
>are you sure rsync.net does not support rsa keys?
>
>they give an example on ther website how to generate a keypair
>using 4096-bit rsa as an example:
>
>https://rsync.net/resources/howto/ssh_keys.html
>
>introducing edwards-curve support should go into libsec,
>and we'd need to add factotum support.
>
>this stuff is fun, but tricky to get right.
>
>we already implemented edwards curves for dp9ik using libmp,
>the reason i havnt added edwards curve support for tls is
>that the intrgration is quite a bit tricky and the standard
>was still in draft at the time.
>
>on the code, it adds quite alot of lines. i hate pointer
>typedefs and i dont like the introduction of global "pub"
>variable. and all these if(strcmp())'s.
>
>also there are some misleading comments:
>
>+ /*
>+ 'At some future time, it is expected that another algorithm, one with
>better
>+ strength, will become so prevalent and ubiquitous that the use of
>+ "3des-cbc" will be deprecated by another STANDARDS ACTION.' - RFC4253
>+ No standards action has yet deprecated it, but have not seen it
>supported
>+ by default in any server.
>+ */
>+ algsp->cipher = "chacha20-poly1305@openssh.com";
>
>what is that supposed to mean? what has 3des todo with
>chacha20-poly1305?
>
>are you trying to indicate that the IETF is going to deprecate it?
>
>--
>cinap
next prev parent reply other threads:[~2020-06-13 0:18 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-12 20:35 Romano
2020-06-12 22:58 ` [9front] " cinap_lenrek
2020-06-13 0:18 ` Romano [this message]
2020-06-13 8:38 ` hiro
2020-06-13 16:32 ` Romano
2020-06-13 16:39 ` ori
2020-06-13 16:46 ` Romano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5197783A-91DD-40F7-AAAC-97D58E6DAA6D@cpan.org \
--to=unobe@cpan.org \
--cc=9front@9front.org \
--cc=cinap_lenrek@felloff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).