Hi,

On 14-08-17 12:36, David Sommerseth wrote:
> On 01/07/17 13:29, Steffan Karger wrote:
>> The --keysize option can only be used with already deprecated ciphers,
>> such as CAST5, RC2 or BF.  Deviating from the default keysize is
>> generally not a good idea (see man page text), and otherwise only
>> complicates our code.
>>
>> (If this patch is accepted, I'll send a follow-up patch to remove the
>> option from the master branch.)
> 
> I agree to the wanted intention of this change.  But, it hits badly if
> we remove --keysize on configurations still enforcing BF-CBC with
> --keysize 256.  I don't have any numbers of how many users use it; but
> I know many have preferred BF-CBC for a long time - at least before
> SWEET32 came and hit us all.  Bear in mind that BF-CBC was the default
> since 2002-ish (probably even longer, if considering the OpenVPN v1.x
> branch). And many have added --cipher BF-CBC in their configs even though
> it was the default.
> 
> As long as BF-CBC is available, we cannot remove --keysize.  And to
> remove BF-CBC support, I think that needs a bit longer timespan than
> v2.5.  Users *must* be far better prepared for that and we need to make
> loud and clear announcements with such a change.
> 
> Yes, in all this, I know that NCP is a nice rescue.  As long as everyone
> either runs v2.4 everywhere or deploys --ncp-ciphers and starts the
> migration.  But I've lost confidence that the vast majority of our users
> pays close attention to such feature changes - thus they won't notice
> until it stops working.  We need to PUSH this information into their
> faces, with large posters carrying promises of rainbow coloured unicorns
> if they comply today(!).  In addition to adding clear warnings in the
> log files for a looong time.
> 
> So I propose:
> 
> - We add the warning about removing --keysize for both v2.4 and v2.5.
> 
> - Add a warning in v2.4 and v2.5 that ciphers with block sizes < 128
>   bits will be *removed* in v2.6
> 
> - When removing those ciphers in v2.6, we can remove --keysize together
>   with the ciphers, as it will no longer be valid.  But --keysize needs
>   to be a NOP for some time (with a warning it has no effect), to avoid
>   OpenVPN ceasing to run on upgrades.

Okay.  Instead of sending the keysize removal patch, I'll send a patch
that warns that small block ciphers will be removed in 2.6.

Can you then do s/2.5/2.6/ on the patch, or shall I send a v2?

-Steffan
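The proposal above boils down to three checks an operator should run against existing configurations before the announced removals land: is a small-block (64-bit) cipher such as BF-CBC in effect (explicitly or as the historical default), is --keysize present (so it will first become a no-op and later disappear), and is an --ncp-ciphers list in place so that 2.4+ peers negotiate away from it. The audit script below is an added example written for this thread; it is not OpenVPN code and not code from either poster. The cipher-to-block-size table, the severity labels and the sample configuration are assumptions constructed for the example.

```python
"""Audit an OpenVPN config for the options discussed in the thread:
small-block ciphers (slated for removal, SWEET32-exposed), --keysize
(to become a no-op, then removed) and whether --ncp-ciphers gives a
migration path.  Added example, not OpenVPN project code.
"""
import re

# Assumed table: block size in bits of ciphers commonly seen in configs.
BLOCK_SIZE_BITS = {
    "BF-CBC": 64, "CAST5-CBC": 64, "RC2-CBC": 64,
    "DES-CBC": 64, "DES-EDE3-CBC": 64,
    "AES-128-CBC": 128, "AES-256-CBC": 128,
    "AES-128-GCM": 128, "AES-256-GCM": 128,
}
SMALL_BLOCK_THRESHOLD_BITS = 128

# Constructed sample config (not from the thread): an old-style BF-CBC
# setup with --keysize 256 and no NCP list, i.e. exactly the case that
# breaks once --keysize and 64-bit-block ciphers are removed.
CONSTRUCTED_CONFIG = """\
# constructed sample
client
dev tun
--cipher BF-CBC
keysize 256
<ca>
-----BEGIN CERTIFICATE-----
MIIB-placeholder-not-a-real-certificate
-----END CERTIFICATE-----
</ca>
"""


def parse_config(text):
    """Return [(option, [args])]; skips comments and inline <tag> blocks."""
    options, in_block = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if in_block:
            if re.fullmatch(r"</[A-Za-z0-9_-]+>", line):
                in_block = False
            continue
        if not line or line[0] in "#;":
            continue
        if re.fullmatch(r"<[A-Za-z0-9_-]+>", line):
            in_block = True
            continue
        parts = line.split()
        options.append((parts[0].lstrip("-"), parts[1:]))
    return options


def is_small_block(cipher):
    """True only for ciphers known (in the table) to have a block < 128 bits."""
    bits = BLOCK_SIZE_BITS.get(cipher.upper())
    return bits is not None and bits < SMALL_BLOCK_THRESHOLD_BITS


def audit(text):
    """Return a list of (severity, message) findings for one config."""
    opts = parse_config(text)
    cipher = next((a[0].upper() for o, a in opts if o == "cipher" and a), None)
    keysize = next((a[0] for o, a in opts if o == "keysize" and a), None)
    ncp_raw = next((a[0] for o, a in opts if o == "ncp-ciphers" and a), None)
    findings = []

    # BF-CBC is the historical default when --cipher is absent.
    effective = cipher or "BF-CBC"
    if cipher is None:
        findings.append(("info", "no --cipher set; default BF-CBC applies "
                                 "unless NCP negotiates another cipher"))
    if effective.upper() not in BLOCK_SIZE_BITS:
        findings.append(("info", f"cipher {effective} not in local table; "
                                 "check its block size manually"))
    elif is_small_block(effective):
        findings.append(("warn", f"cipher {effective} has a 64-bit block "
                                 "(SWEET32); slated for removal"))
    if keysize is not None:
        findings.append(("warn", f"--keysize {keysize} is deprecated: it will "
                                 "become a no-op and later be removed"))
    if ncp_raw:
        ncp = [c.upper() for c in ncp_raw.split(":")]
        weak = [c for c in ncp if is_small_block(c)]
        if weak:
            findings.append(("warn", "ncp-ciphers still lists small-block "
                                     "ciphers: " + ", ".join(weak)))
        else:
            findings.append(("ok", "ncp-ciphers offers only 128-bit-block "
                                   "ciphers; 2.4+ peers negotiate away from "
                                   + effective))
    elif is_small_block(effective):
        findings.append(("action", "add ncp-ciphers (e.g. AES-256-GCM:"
                                   "AES-128-GCM) and move --cipher to an AES "
                                   "mode before small-block ciphers go away"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(CONSTRUCTED_CONFIG):
        print(f"[{severity}] {message}")
```

Running it on the constructed sample yields a warning for BF-CBC, a warning for --keysize and an "action" item asking for an NCP list; a config that already sets an AES cipher and a clean --ncp-ciphers list produces only the "ok" finding. Unknown cipher names are deliberately reported as "info" rather than guessed at, so a typo or a new cipher never masquerades as safe.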


_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel