-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 control: severity -1 important
On Mon, 2026-04-06 at 12:48 -0400, Paul Tagliamonte wrote: > I've been slowly working to replace algorithms I rely on with PQC > resistant algorithms. strongSwan 6.0.0 contained optional ML-KEM > support, which we didn't enable (likely because it's an obscure looking > flag). > > I've patched strongSwan to build the ml plugin, which I added to > libstrongswan-extra-plugins, as is our convention. Attached is a > debdiff. Hi Paul, thanks for the bug and the patch. I've not yet enabled the PQC algorithms support not particularly because it's an obscure flag but rather because of the maturity of that support (we have had experimental algorithms in strongSwan since quite a while). I'm definitely in favor of enabling those, and have them settled for Forky but I'm not entirely sure yet which ones to enable and where (which package) to put them. I especially need to check if it's possible to setup and maybe enforce hybridation. I'll not just apply your patch asap but I'll keep it in mind in the following months (feel free to bug me about it if I don't follow up soon enough) while thinking about it along with upstream. Thanks again for the reminder and the patch! Regards, - -- Yves-Alexis -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmnUq2cACgkQ3rYcyPpX RFtrewgAjLGAJ+hw/wvWen4/mFSqJRpnQhZOkQamIXgl9QtqVA8QLXUSx1XlBR6n FyWV0Ae7BZnGroFxOtPtuf1wpHBDrPneP6fJ3DgDC7sByz/xFSE9sxnQgg6T8t+F yT2FyheGfcaXGLhqzzLVufMdwf0ZLNtQLcviVYHQWIzc/S5sD6b3Q+ByEiUldOxQ yeWLORlC+rXEcwK/Y8oOtlds0qJlmNR/NLgZ+LjH5WJ2kJPoZmgGFx4AqxmrNguA x6L9Q1dhaQB9jp4nAiSfpCd1OeEbVkVSkSohlzwTx9Z3WLwWFtcHv8y5pvMNTZYJ 7XkWDWnusm9tRGCYM/Cluq8vTMIJww== =MRMi -----END PGP SIGNATURE-----
