Hi, I'm Santiago, a TU from Arch Linux, and I've been debugging a couple of issues with the current HTTPS handling of chainloaded scripts. Unfortunately, it appears that the supported set of cipher suites in the iPXE codebase (mostly AES-CBC-RSA variants) is considered unsafe (e.g., they are vulnerable to the ROBOT attack [1]). So much so that most best-practice guides suggest disabling those suites in HTTP SSL configurations.
Thus, after some discussion on IRC, I want to propose helping update the codebase to support more modern ciphers. Now, I believe that doing so is quite an endeavor, and we probably want to pick an upgrade path of least resistance:

- Move from CBC to GCM -> would require us to implement this new cipher block chaining (for which I can propose patches).
- Move from RSA key derivation to DSA/EDDSA variants for key derivation. This would require implementing a new key derivation function (for this one I could also help, but I'd most likely want somebody familiar with the codebase to help me navigate what's the best way forward).

However, the rest of the stack can still safely remain on RSA, and thus we wouldn't need to reimplement other parts for the foreseeable future. As a result, we would be able to support EDDSA-RSA-AES-GCM suites, which are probably best practice for a couple of years.

What does everybody think?

Cheers,
-Santiago.

[1] https://robotattack.org/
_______________________________________________
ipxe-devel mailing list
ipxe-devel@lists.ipxe.org
https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel
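The following is an added example, not code from the message above or from iPXE: it uses only Go's standard library to show the property that the proposed CBC-to-GCM move buys, namely that a GCM record with one modified ciphertext bit is rejected outright, while the unauthenticated CBC core returns a plaintext with the same bit flipped in the next block. The key, nonce, IV and message are constructed demo values; real TLS derives fresh ones per connection (the ROBOT issue itself concerns RSA key exchange and is not modelled here).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
)

// Constructed demo values; a TLS stack derives fresh ones per connection.
var (
	demoKey   = []byte("0123456789abcdef0123456789abcdef") // 32-byte AES-256 key
	demoNonce = []byte("unique-nonce")                     // 12-byte GCM nonce
	demoIV    = []byte("0123456789abcdef")                 // one-block CBC IV
	demoMsg   = []byte("chain http://boot.example/x.ipxe") // exactly two AES blocks
)

// gcm wraps block in AES-GCM: Seal appends a tag, Open fails on any changed bit.
func gcm(block cipher.Block) cipher.AEAD {
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err) // only fails for a non-128-bit block cipher
	}
	return aead
}

// cbc runs raw AES-CBC with no MAC; len(in) must be a multiple of aes.BlockSize.
func cbc(block cipher.Block, iv, in []byte, encrypt bool) []byte {
	mode := cipher.NewCBCDecrypter(block, iv)
	if encrypt {
		mode = cipher.NewCBCEncrypter(block, iv)
	}
	out := make([]byte, len(in))
	mode.CryptBlocks(out, in)
	return out
}

// compare flips one bit of byte 0 in each ciphertext: GCM rejects it, CBC returns P[1] with the same bit flipped.
func compare() (gcmRejected, cbcBitFlipped bool) {
	block, err := aes.NewCipher(demoKey)
	if err != nil {
		panic(err) // the demo key has a valid AES length
	}
	g := gcm(block)
	ct := g.Seal(nil, demoNonce, demoMsg, nil)
	ct[0] ^= 0x01
	_, openErr := g.Open(nil, demoNonce, ct, nil)
	ct = cbc(block, demoIV, demoMsg, true)
	ct[0] ^= 0x01 // C[0] is XORed into P[1], so the flip lands on P[1]; P[0] is garbled
	pt := cbc(block, demoIV, ct, false)
	return openErr != nil, pt[aes.BlockSize] == demoMsg[aes.BlockSize]^0x01
}
```

Calling compare() from a main or a test returns (true, true): the tampered GCM record fails authentication, and the tampered CBC record decrypts to a second block that differs from the original only in the flipped bit.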