IETF-SSH archive
Re: TLS considering an rc4-die-die-die draft
Damien Miller <djm%mindrot.org@localhost> writes:
> OpenSSH will turn RC4 off soon - we're just trying to figure out how
> to do it gently enough that working configurations don't suddenly break
> yet firmly enough that people actually move to a better cipher.
What breakage do you expect? Servers configured to support no other
cipher than arcfour, probably from some (possibly misguided) performance
argument?
> We'll be recommending chacha20-poly1305@openssh.com as a replacement
> where both ends support it.
If I have understood correctly, openssh uses the original definition of
chacha with 64-bits each for nonce and counter, while recent ietf drafts
specify a 96-bit nonce and only 32 bits for the counter. Is that right?
I think support for chacha-poly1305 is highly desirable, but it seems a
bit messy with specifications still in flux.
Best regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
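
The two state layouts the message compares, as an added example (not part of the original post, and not OpenSSH or IETF code): a small ChaCha20 block function run with the 64-bit nonce / 64-bit counter layout and with the 96-bit nonce / 32-bit counter layout, showing where the keystreams coincide. Function names, the sample key and the sample nonce are constructed for illustration.

```python
import struct

MASK = 0xFFFFFFFF
QROUNDS = ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),   # columns
           (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14))   # diagonals

def _quarter(s, a, b, c, d):
    # ChaCha quarter round: four add / xor / rotate-left steps.
    for x, y, z, r in ((a, b, d, 16), (c, d, b, 12), (a, b, d, 8), (c, d, b, 7)):
        s[x] = (s[x] + s[y]) & MASK
        v = s[z] ^ s[x]
        s[z] = ((v << r) | (v >> (32 - r))) & MASK

def _block(key, tail):
    # tail = state words 12..15, the only place the two layouts differ.
    if len(key) != 32:
        raise ValueError("key must be 32 bytes")
    init = list(struct.unpack("<4I", b"expand 32-byte k"))
    init += struct.unpack("<8I", key)
    init += tail
    s = init[:]
    for _ in range(10):                      # 10 double rounds = 20 rounds
        for idx in QROUNDS:
            _quarter(s, *idx)
    return struct.pack("<16I", *((a + b) & MASK for a, b in zip(s, init)))

def block_original(key, nonce8, counter):
    # Original layout: words 12-13 = 64-bit counter, words 14-15 = 64-bit nonce.
    if len(nonce8) != 8 or not 0 <= counter < 2**64:
        raise ValueError("need 8-byte nonce and 64-bit counter")
    return _block(key, struct.unpack("<4I", struct.pack("<Q", counter) + nonce8))

def block_ietf(key, nonce12, counter):
    # IETF-draft layout: word 12 = 32-bit counter, words 13-15 = 96-bit nonce.
    if len(nonce12) != 12 or not 0 <= counter < 2**32:
        raise ValueError("need 12-byte nonce and 32-bit counter")
    return _block(key, struct.unpack("<4I", struct.pack("<I", counter) + nonce12))

def layouts_agree(key, nonce8, counter):
    # Same keystream when the extra 32 nonce bits are zero and counter < 2**32.
    return block_original(key, nonce8, counter) == block_ietf(key, bytes(4) + nonce8, counter)

KEY = bytes(range(32))                       # constructed sample key
NONCE8 = bytes.fromhex("0000000000000007")   # constructed sample nonce

if __name__ == "__main__":
    print(layouts_agree(KEY, NONCE8, 0), layouts_agree(KEY, NONCE8, 2**32 - 1))
    # Past 2**32 blocks, the original counter's high word occupies the slot
    # the IETF layout uses for its first nonce word.
    print(block_original(KEY, NONCE8, 2**32) == block_ietf(KEY, b"\x01\0\0\0" + NONCE8, 0))
```

The two layouts are interchangeable only for messages shorter than 2**32 blocks with the leading 32 nonce bits fixed at zero; beyond that the same state word is counter in one layout and nonce in the other.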