MJ [m...@sci.fi] wrote:
> 
> Thanks Chris for your response and yes, you make a good point regarding 
> compatibility.
> 
> I am by far a crypto expert, but these issues have been anyway on my mind as 
> of late. So bear with me, but would it be possible to switch /dev/crypto to 
> be an interface to an autocipher engine where both OpenSSL and NaCl ciphers 
> could be supported via e.g. /etc/autocipher.conf and then change all 
> crypto-enabled apps to use /dev/crypto and only /dev/crypto as the interface? 
> This approach could highly simplify the crypto operations in all of the 
> associated daemons/tools included in Base, as well Ports could slowly be 
> converted to use the same interface. This is precisely the approach that is 
> being taken in Ethos operating system which is being designed from the ground 
> up to withstand cryptographic attack. Given the current status quo 
> (widespread compromise of our computing base by 3 letter agencies), this 
> starts to sound a bit less paranoid of an approach.
> 
> Or have I got something wrong? Again, I am open to any sort of response.
> 

OpenBSD has already begun incorporating NaCl by bypassing OpenSSL entirely.

I can't speak for the architectural issues but I can't imagine that I or you
are the only people imagining better cipher suites in the base system.
