On 2016-02-13 05:09 PM, Ryan Harper wrote: > On Sat, Feb 13, 2016 at 12:27 PM, mrq1 <[email protected]> wrote: > >> great! starts now :-) >> >> what about the chapoly plugin? can you enable it in the extra package? >> it would be very important for me! >> > > I can look at enabling it. It's new in 5.3.5.
+1 ChaCha20/Poly1305 actually made it in 5.3.3 [1] and I haven't heard of any problem on the mailing list. > If enabled, can you test and confirm it works? I too would be glad to give it a spin and report about it. > Looks like something quite interesting. > https://en.wikipedia.org/wiki/Poly1305 Indeed! Chacha20 and Poly1305 are cool and getting quite some traction these days [2]. > Comments here in the Debian bug indicate that this requires at least 4.2 > kernel. For the IKE part, the kernel version shouldn't matter. For the ESP part, you indeed need a recent kernel or you can always use the userspace implementation (libipsec). libipsec support is very cool (thanks for enabling it!) as it should allow running a IPsec in containers. > For Xenial, this will be sufficient I suppose. > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803787 The reporter was looking for NTRU (enabled in your PPA build IIRC) and BLISS. That said, I'm sure the reporter would welcome having another AEAD cipher available because they are well regarded [3] in terms of security. Thanks, Simon 1: https://wiki.strongswan.org/versions/58 2: https://en.wikipedia.org/w/index.php?title=Salsa20&redirect=no#ChaCha20_adoption 3: https://www.imperialviolet.org/2015/05/16/aeads.html -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1535951 Title: Please merge strongswan 5.3.5-1 (main) from Debian unstable (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1535951/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
