On 09.04.20 12:50, Jan Just Keijser wrote:
>> I wasn't suggesting to use OpenVPN-PSK, quite frankly I find it's super
>> crappy. But I do think it's worthwhile pointing out that symmetric PSK
>> is NOT at all the same as asymmetric PSK.
>
> without getting into a discussion about symmetric vs asymmetric
> pre-shared keys, my remark about using PSK is that, well, they need to
> be *pre-shared* ... so you've simply moved your key distribution and
> generation step from TLS/RSA to some other mechanism.
> If your method for distributing PSKs is broken (like some people argue
> that TLS+RSA will be broken when quantum computers become generally
> available) then it does not matter what crypto module you use

Entirely agreed, but: that applies to all mechanisms of exchange. If you
do not have some form of trusted channel over which you can exchange
some kind of data, there's no possibility to create an ultimately secure
connection. If you're using PKI and are transmitting your root
certificates over an insecure line, they can be compromised just like a
raw public key could be. This is no drawback of either PSK or PKI, it's
a fundamental principle.

> I'd rephrase that: not every advance in a TLS library does
> automatically add that capability to OpenVPN.
>
> What I mean by that is that some of the newer algorithms in OpenSSL (or
> mbedTLS) *DO* become available in OpenVPN automatically (e.g.
> ARIA-256-GCM from OpenSSL 1.1.1). But you are absolutely right in the
> sense that it is a shame that so many new developments in a crypto lib
> (like GCM modes and AEAD ciphers) take such a long time to get added to
> OpenVPN.
> I don't quite grasp why chacha20 is not available in OpenVPN - it seems
> to be "just another" AEAD cipher, but I am sure that Steffan can shed
> light on this.

Hm, interesting. Yeah, from the API perspective I do not know why
ChaCha20/Poly1305 should be different than any other AEAD stream cipher.
Especially when you already have support for GCM, which essentially
makes the underlying block cipher behave as a stream cipher, the API
should be identical. Maybe I'm missing something here.

All the best,
Jo