-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Matthew Toseland: >> Actually we already do the benchmark-and-choice-on-startup for >> many algorithms, thanks to Eleriseth's patches. It looks to me like this is only done on a couple of algorithms, so there are still more to switch over.
>> However, a coherent crypto API at an appropriate level is >> definitely a good thing. >> >> I thought nextgens was in favour of using some form of TLS >> though? Note that using TLS correctly is nontrivial (e.g. the >> defaults don't have PFS and so are far less secure than our >> current code on at least one measure), although there are UDP >> versions we could use... He's also in favour of using >> "consistent" keylengths, i.e. reducing the key length for >> symmetric crypto because the keys generated aren't large enough >> to justify it anyway, and there may be difficulties with making >> connection setup generate bigger keys... >> >> More generally, is the plan to keep the existing protocols and >> key lengths, but refactor to make them clearer and less risky, or >> will you be changing any algorithms or parameters? Right now the plan is to just refactor it to make it easier to use. I am open to doing research on switching algorithms and parameters, but I have less experience in this area. > The other problem is some of the algorithms we rely on may be going > away in the newer versions of Bouncycastle. I mentioned this > earlier. You and nextgens should look into this. Backwards > compatibility for content is crucial; backwards compatibility for > connections only needs to be maintained for 6 months or so. I have started looking into this and so far haven't found anything to indicate they will be removing functionality. I'll keep digging and post what I find. -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJTelI2AAoJEKzPTx3Y+gGrGUgP/jE42xWoE+cEdfn4q1vLKe6N tv+KPIcBAkjQJCRLKyue4I9+nGtvnOdbSXsGJ0Fh9OjTjpOvCvs1hd8zIVRatr15 n/ARYyt3ZUYE5JASK4Y4Qx2DnknJki7VETzO5l7i1foJXqJVU/+AAsc8ghVhf8GO hwnLQ+dYd1mgfEOTQjLqtU+4QsizGB8vETaB6puzLXNPOa5A+EA88IycPn0mcD5G j7KjyQ88AsPKDgBhnp+JH/s95CkTtBhopn+nyBto7UJ68CfeAIKheJ0t9S0cukkS zDNOR1zJggcRLeq7UKKgrG22LrDXhi3TotSX+XLuqK5V7h5bxSxhzHPZgnCKuyzM IsV6fLbPr1t9YIlD5NyaZf0SDrM3qzgnZXQ6PNAJ7FVp/4+iUTozE4w9uKygmo+I nb4rLr4VHNUuEgr1PGm8kpawN/sQWirTQSER7GszBCkPHwKigtISTnn2/zrd5uGG SzXAkaNNsUktzQzaUE5R6uRCE4oZzJAUs8/jhy6qT4QG2maE0wuKWNdQmJyXNx8e 7eAwgSNM6EBpRYv0Mly+k628/Ravi87tqdVuYwNY8cN/fL3SkeZUdhNKrAHBH2W3 /Whptsj70TKOCpcrGQxq4DiT/MjlJ5XV3hCw+14trRWlRWC2bBaU51GMDrbEsSIV 2t+yp3tUM0C3yEroD7KJ =axzf -----END PGP SIGNATURE----- _______________________________________________ Devl mailing list [email protected] https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
