On 17 Jan 2014, at 06.05, Philip Guenther wrote:
> Ah, so if NIST looked at work done by someone completely unrelated to
> NIST and said "looks good, we'll standardize exactly what you did",
> you think that it's now contaminated by NISTs talking about it? For
> example, AES, which was designed b
On 18 Jan 2014, at 01.13, Christopher Ahrens wrote:
>
> In reality, I don't give a shit about any else who doesn't
> pay me, make my life easier or make my life more enjoyable.
Its a rare moment when I feel the need to publicly bitch-slap someone, but
you triggered it.
That statement alone, an
> No, I'm not a native speaker, some of the pronouns still confuse me.
> By 'we' I meant one of us in the community that would be willing to do
> it, despite no real justification other than paranoia, not the
> community as a whole.
There are no OpenBSD developers who can do what you propose.
>
Theo de Raadt wrote:
MJ wrote:
On 17 Jan 2014, at 17.30, Christian Weisgerber wrote:
As guenther@ has pointed out, refusing all crypto covered by that
definition is silly. But even if you limit yourself to the
specification part, you should be very disappointed about the newly
added Curve255
0
>To: MJ , Christian Weisgerber
>CC: misc
>Subject: Re: NIST-free crypto, autociphering, and libsodium (NaCl)
>References: <86498b82-c1d0-4249-bd43-a8d5106af...@sci.fi>
>
>
>
><5a70c879-ab77-4833-9d60-9a9bb5ba1...@sci.fi>
>In-Reply-To: <5a70c879-ab77-48
MJ wrote:
On 17 Jan 2014, at 17.30, Christian Weisgerber wrote:
As guenther@ has pointed out, refusing all crypto covered by that
definition is silly. But even if you limit yourself to the
specification part, you should be very disappointed about the newly
added Curve25519 key exchange and Ed
On 17 Jan 2014, at 17.30, Christian Weisgerber wrote:
>
> As guenther@ has pointed out, refusing all crypto covered by that
> definition is silly. But even if you limit yourself to the
> specification part, you should be very disappointed about the newly
> added Curve25519 key exchange and Ed255
MJ wrote:
> > What is "NIST crypto"?
>
> Are you serious or just being facetious? I basically used it as an
> umbrella term to include all of the crypto in which the US government
> has had their hand involved in it's specification, implementation,
> approval, standardisation, etc and so forth.
On Thu, Jan 16, 2014 at 7:12 PM, MJ wrote:
> On 17 Jan 2014, at 00.54, Christian Weisgerber wrote:
>
>> MJ wrote:
>>
>>> I would like to inquire as to which OpenBSD RELEASE will offer the
>>> possibility
>>> to avoid NIST crypto for everything in Base (isakmpd, openssh, openssl,
>>> https,
>>>
On 17 Jan 2014, at 00.54, Christian Weisgerber wrote:
> MJ wrote:
>
>> I would like to inquire as to which OpenBSD RELEASE will offer the
>> possibility
>> to avoid NIST crypto for everything in Base (isakmpd, openssh, openssl,
>> https,
>> nginx being the key items in mind)?
>
> What is "NI
On 16 Jan 2014, at 23.55, Chris Cappuccio wrote:
>
> All until we learn from the newest Snowden slide that Dan Bernstein is
> actually on the NSA payroll :)
>
All your DJBs belong to us!
On 16 Jan 2014, at 20.49, Nicolai wrote:
>
> Things are moving in the right direction! The last six months have seen
> MAJOR improvements in crypto. If you want to be a part of it, pick up
> DNSCrypt or DNSCurve. Get a recent Chromium and play with QUIC. Read
> about MinimaLT. Strong, fast en
MJ wrote:
> I would like to inquire as to which OpenBSD RELEASE will offer the possibility
> to avoid NIST crypto for everything in Base (isakmpd, openssh, openssl, https,
> nginx being the key items in mind)?
What is "NIST crypto"?
> As it stands, there is currently cipher-suite negotiation /
On Thu, Jan 16, 2014 at 9:01 AM, MJ wrote:
> So bear with me, but would it be possible to switch /dev/crypto to be an
> interface to an autocipher engine where both OpenSSL and NaCl ciphers could
> be supported via e.g. /etc/autocipher.conf and then change all crypto-enabled
> apps to use /dev/
Nicolai [nicolai-om...@chocolatine.org] wrote:
>
> As for your point, there's a lot of interest in and support for NaCl.
> For example, Curve25519 is now in a bunch of stuff like OpenSSH, Tor,
> Chromium and DNSCurve. Salsa20 and ChaCha20 are getting big. It's
> happening. Now that people are m
MJ [m...@sci.fi] wrote:
>
> On 16 Jan 2014, at 20.24, Chris Cappuccio wrote:
> >
> > Block traffic with specific ciphers from traversing the network? That's
> > sci.fi
> >
>
> You?re right again - this stuff is futuristic but could potentially be
> accomplished via inspection of unencrypted
On 16 Jan 2014, at 20.24, Chris Cappuccio wrote:
>
> Block traffic with specific ciphers from traversing the network? That's sci.fi
>
You’re right again - this stuff is futuristic but could potentially be
accomplished via inspection of unencrypted packet headers, etc (i.e. via
packet-pattern/
On Thu, Jan 16, 2014 at 01:24:09PM +0200, MJ wrote:
> Hello,
>
> I would like to inquire as to which OpenBSD RELEASE will offer the possibility
> to avoid NIST crypto for everything in Base (isakmpd, openssh, openssl, https,
> nginx being the key items in mind)?
Hi MJ,
Base must be interoperable
On 16 Jan 2014, at 19.17, Chris Cappuccio wrote:
> OpenBSD has already began incorporating NaCl by bypassing OpenSSL entirely.
Good news - perhaps my philosophy is “why lay a lot of small bricks here and
there when you can lay a cornerstone and be done with it?”. But perhaps I am
not taking all
MJ [m...@sci.fi] wrote:
>
> On 16 Jan 2014, at 19.17, Chris Cappuccio wrote:
> > OpenBSD has already began incorporating NaCl by bypassing OpenSSL entirely.
>
> Good news - perhaps my philosophy is ?why lay a lot of small bricks here and
> there when you can lay a cornerstone and be done with i
MJ [m...@sci.fi] wrote:
>
> Thanks Chris for your response and yes, you make a good point regarding
> compatibility.
>
> I am by far a crypto expert, but these issues have been anyway on my mind as
> of late. So bear with me, but would it be possible to switch /dev/crypto to
> be an interface
On 16 Jan 2014, at 18.23, Chris Cappuccio wrote:
>
> For instance, you may have noticed that OpenSSH is moving towards an
> openssl-free mode by importing NaCl components directly?
>
> One problem with abandoning OpenSSL is that you lose SSL, TLS, (oh, and
> everything has to be rewritten to use
On 16 Jan 2014, at 18.23, Chris Cappuccio wrote:
> For instance, you may have noticed that OpenSSH is moving towards an
> openssl-free mode by importing NaCl components directly?
>
> One problem with abandoning OpenSSL is that you lose SSL, TLS, (oh, and
> everything has to be rewritten to use N
MJ [m...@sci.fi] wrote:
> Hello,
>
> I would like to inquire as to which OpenBSD RELEASE will offer the possibility
> to avoid NIST crypto for everything in Base (isakmpd, openssh, openssl, https,
> nginx being the key items in mind)?
>
> BTW, looks like things are heading in the right direction
Hello,
I would like to inquire as to which OpenBSD RELEASE will offer the possibility
to avoid NIST crypto for everything in Base (isakmpd, openssh, openssl, https,
nginx being the key items in mind)?
BTW, looks like things are heading in the right direction
(http://www.slideshare.net/yandex/rubs
25 matches
Mail list logo
