From: Romano
To: 9front@9front.org, cinap_lenrek@felloff.net
Date: Sat, 13 Jun 2020 00:18:36 +0000
Subject: Re: [9front] [PATCH] ssh.c algorithm negotiation + ssh-dss key exchange
Message-ID: <5197783A-91DD-40F7-AAAC-97D58E6DAA6D@cpan.org>
In-Reply-To: <46EAF705F4A303B4565307D8950670A3@felloff.net>

Thanks Cinap!

We discussed a bit on irc, but wanted to thank you again for your feedback. RFC8709 is now published for ssh-ed25519. My comment was indicating that while 3des-cbc is required, I haven't seen it supported. And I meant to imply chacha20-poly1305 as the stronger algorithm implied by the RFC.

On June 12, 2020 10:58:41 PM UTC, cinap_lenrek@felloff.net wrote:
>no. we're not going to bring back dsa from the grave.
>
>are you sure rsync.net does not support rsa keys?
>
>they give an example on their website how to generate a keypair
>using 4096-bit rsa as an example:
>
>https://rsync.net/resources/howto/ssh_keys.html
>
>introducing edwards-curve support should go into libsec,
>and we'd need to add factotum support.
>
>this stuff is fun, but tricky to get right.
>
>we already implemented edwards curves for dp9ik using libmp,
>the reason i haven't added edwards curve support for tls is
>that the integration is quite a bit tricky and the standard
>was still in draft at the time.
>
>on the code, it adds quite a lot of lines. i hate pointer
>typedefs and i don't like the introduction of global "pub"
>variable. and all these if(strcmp())'s.
>
>also there are some misleading comments:
>
>+ /*
>+ 'At some future time, it is expected that another algorithm, one with
>better
>+ strength, will become so prevalent and ubiquitous that the use of
>+ "3des-cbc" will be deprecated by another STANDARDS ACTION.' - RFC4253
>+ No standards action has yet deprecated it, but have not seen it
>supported
>+ by default in any server.
>+ */
>+ algsp->cipher = "chacha20-poly1305@openssh.com";
>
>what is that supposed to mean? what has 3des to do with
>chacha20-poly1305?
>
>are you trying to indicate that the IETF is going to deprecate it?
>
>--
>cinap
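
Review bot: In the quoted hunk, the comment above the algsp->cipher assignment discusses only "3des-cbc" and never names "chacha20-poly1305@openssh.com", so the reason this cipher is the one assigned has to be guessed. Suggest stating the choice directly in the comment, for example that 3des-cbc is the cipher RFC4253 requires but chacha20-poly1305@openssh.com is offered instead, and why. The sentence "but have not seen it supported by default in any server" also lacks a subject and leaves "it" ambiguous; naming 3des-cbc there would remove the ambiguity.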