On 14/08/17 13:17, Steffan Karger wrote:
> Hi,
> 
> On 14-08-17 12:36, David Sommerseth wrote:
>> On 01/07/17 13:29, Steffan Karger wrote:
>>> The --keysize option can only be used with already deprecated ciphers,
>>> such as CAST5, RC2 or BF.  Deviating from the default keysize is
>>> generally not a good idea (see man page text), and otherwise only
>>> complicates our code.
>>>
>>> (If this patch is accepted, I'll send a follow-up patch to remove the
>>> option from the master branch.)
>>
>> I agree to the wanted intention of this change.  But, it hits badly if
>> we remove --keysize on configurations still enforcing BF-CBC with
>> --keysize 256.  I don't have any numbers of how many users use it; but
>> I know many have preferred BF-CBC for a long time - at least before
>> SWEET32 came and hit us all.  Bear in mind that BF-CBC was the default
>> since 2002-ish (probably even longer, if considering the OpenVPN v1.x
>> branch). And many have added --cipher BF-CBC in their configs even
>> though it was the default.
>>
>> As long as BF-CBC is available, we cannot remove --keysize.  And to
>> remove BF-CBC support, I think that needs a bit longer timespan than
>> v2.5.  Users *must* be far better prepared for that and we need to make
>> loud and clear announcements with such a change.
>>
>> Yes, in all this, I know that NCP is a nice rescue.  As long as everyone
>> either runs v2.4 everywhere or deploys --ncp-ciphers and starts the
>> migration.  But I've lost confidence that the vast majority of our users
>> pays closely attention to such feature changes - thus they won't notice
>> until it stops working.  We need to PUSH this information into their
>> faces, with large posters carrying promises of rainbow coloured unicorns
>> if they comply today(!).  In addition to adding clear warnings in the
>> log files for a looong time.
>>
>> So I propose:
>>
>> - We add the warning about removing --keysize for both v2.4 and v2.5.
>>
>> - Add a warning in v2.4 and v2.5 that ciphers with block sizes < 128
>>   bits will be *removed* in v2.6
>>
>> - When removing those ciphers in v2.6, we can remove --keysize together
>>   with the ciphers, as it will no longer be valid.  But --keysize needs
>>   to be a NOP for some time (with a warning that it has no effect), to
>>   avoid OpenVPN ceasing to run on upgrades.
> 
> Okay.  Instead of sending the keysize removal patch, I'll send a patch
> that warns that small block ciphers will be removed in 2.6.
>
> Can you then do s/2.5/2.6/ on the patch, or shall I send a v2?

Yes, I can do that.  I'll also remove the remark ("If this is
accepted...") from the commit message, commit to master and
cherry-pick to release/2.4.  I'll also use the term "OpenVPN v2.6"
everywhere, to be more precise in the statements.

But we will need to get started on the planning of the public stunts
too.  Getting a wiki page in place would be a nice starting point though.


-- 
kind regards,

David Sommerseth
OpenVPN Technologies, Inc
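An added illustration, not part of this thread and not taken from OpenVPN's own documentation: the two configurations the discussion contrasts, written as a minimal client-side fragment. The commented-out lines are the legacy setup the proposed --keysize removal would break (Blowfish forced explicitly, with a non-default key size); the active lines are the migration path referred to above, where a v2.4 peer negotiates an AES-GCM cipher through --ncp-ciphers and --cipher only serves as the fallback for a peer without NCP. The server name, port and file names are placeholders, not values from the thread.

```conf
# Legacy configuration (the case the thread is worried about):
# a 64-bit block cipher, forced explicitly, with a non-default key size.
# --keysize only changes anything for such variable-key-length ciphers,
# which is why it cannot go away before the ciphers themselves do.
#cipher BF-CBC
#keysize 256

# Migration target once both peers run OpenVPN v2.4 or later: negotiate an
# AES-GCM cipher. NCP is enabled by default in v2.4; listing the permitted
# ciphers makes the policy explicit rather than relying on the default.
ncp-ciphers AES-256-GCM:AES-128-GCM

# Fallback used only when the peer does not support NCP (e.g. a v2.3 peer).
# A CBC mode AES cipher is chosen here because pre-2.4 peers have no AEAD
# support; this replaces the old "cipher BF-CBC" line.
cipher AES-256-CBC

# Placeholders below are assumed names, not from the thread.
client
remote vpn.example.net 1194
proto udp
dev tun
ca ca.crt
cert client.crt
key client.key
```

With this fragment, a v2.4 client against a v2.4 server ends up on AES-256-GCM regardless of the --cipher line, while an older server still gets a 128-bit block cipher instead of Blowfish, so neither side is affected when BF-CBC and --keysize are eventually removed.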

