Re: packets to bridged interfaces bypass input filter

2020-05-26 Thread Stephan Mending
On Tue, May 26, 2020 at 09:26:07PM +0200, Sven M. Hallberg wrote: > hi all, > > i sent the following question to misc@ on march 29th but received no > response. i hope you don't mind me retrying on tech@. > > while playing around with pf, i noticed that some connections that i > thought should

Re: iked(8): AES_GCM ciphers for IKE

2020-05-16 Thread Stephan Mending
On Fri, May 15, 2020 at 01:59:35AM +0200, Tobias Heider wrote: > On Thu, May 14, 2020 at 10:47:52PM +0200, Tobias Heider wrote: > > On Thu, May 14, 2020 at 10:07:30PM +0200, Tobias Heider wrote: > > > Hi, > > > > > > currently iked(8) supports AES-GCM only for ESP. > > > The diff below adds the

Re: iked(8): AES_GCM ciphers for IKE

2020-05-14 Thread Stephan Mending
On Thu, May 14, 2020 at 10:47:52PM +0200, Tobias Heider wrote: > On Thu, May 14, 2020 at 10:07:30PM +0200, Tobias Heider wrote: > > Hi, > > > > currently iked(8) supports AES-GCM only for ESP. > > The diff below adds the ENCR_AES_GCM_16 and ENCR_AES_GCM_12 variants for > > IKE. > > (for more

Dead peer detection in iked

2020-05-07 Thread Stephan Mending
Hi *, I was wondering why there is no dead peer detection implemented for iked ? Is it just due to lack of time ? Or are there good reasons to dismiss directly implemented dpd in iked ? Because technically one has the option to just use ifstated. I'm just being curious here. Thanks for your

Re: iked(8): Removing SHA1 from default transforms

2020-05-03 Thread Stephan Mending
I know Theo, Tobias told me a few mails back. I was joking... On Sat, May 02, 2020 at 07:32:43AM -0600, Theo de Raadt wrote: > Stephan Mending wrote: > > > On 02/05/2020 02:58, Theo de Raadt wrote: > > > > > Stephan Mending wrote: > > > > > >>

Re: iked(8): Removing SHA1 from default transforms

2020-05-02 Thread Stephan Mending
On 02/05/2020 02:58, Theo de Raadt wrote: Stephan Mending wrote: I don't get how this could be ? then go study. I think I've struck a nerve right here. I'm sorry to have caused you high blood pressure by sending this diff. I do not doubt the competency of you or the other developers

Re: iked(8): Removing SHA1 from default transforms

2020-05-02 Thread Stephan Mending
rfc2104 [2] https://cseweb.ucsd.edu/~mihir/papers/hmac-new.html Thank you so much for your detailed response.  I absolutely appreciate it. On 02/05/2020 00:03, Tobias Heider wrote: On Fri, May 01, 2020 at 11:35:23PM +0200, Stephan Mending wrote: Hi *, this diff removes SHA1 as default

Re: iked(8): Removing SHA1 from default transforms

2020-05-01 Thread Stephan Mending
On 02/05/2020 00:40, Stuart Henderson wrote: On 2020/05/02 00:23, Stephan Mending wrote: Hi, I actually read your thread. By what I understood you're at the moment trying to change a few defaults. That was the reason I wanted to add SHA1 for removal. I just thought it deserved a separate

Re: iked(8): Removing SHA1 from default transforms

2020-05-01 Thread Stephan Mending
g. How can it be that this doesn't apply for iked ? g, Stephan On 02/05/2020 00:03, Tobias Heider wrote: On Fri, May 01, 2020 at 11:35:23PM +0200, Stephan Mending wrote: Hi *, this diff removes SHA1 as default transform for integrity algorithms. It's been broken long enough. Let's at least get rid of it

iked(8): Removing SHA1 from default transforms

2020-05-01 Thread Stephan Mending
Hi *, this diff removes SHA1 as default transform for integrity algorithms. It's been broken long enough. Let's at least get rid of it in iked's defaults. SHA1 is officially broken since 2011 and there have been doubts about it since 2005. Though using SHA1 in combination with HMAC as

Re: AEAD Suites in IKEX (iked) and Phase 1 (isakmpd)

2020-04-20 Thread Stephan Mending
> Subject: Re: AEAD Suites in IKEX (iked) and Phase 1 (isakmpd) > To: Stephan Mending > Cc: tech@openbsd.org > > On Mon, Apr 20, 2020 at 12:52:24PM +0200, Stephan Mending wrote: > > Hi, > > I was wondering if there was a reason why there are no AEAD Suites > > imple

AEAD Suites in IKEX (iked) and Phase 1 (isakmpd)

2020-04-20 Thread Stephan Mending
Hi, I was wondering if there was a reason why there are no AEAD Suites implemented for initial IKEX in iked or phase 1 in isakmpd ? Even though iked's childSAs support it and Phase 2 in isakmpd does as well ? Is it just lack of time ? Because for example strongswan does exactly support that.