Hi,

On Sun, Sep 18, 2016 at 8:25 AM, Steffan Karger <stef...@karger.me> wrote:

> Hi,
>
> On 27 July 2016 at 16:42, Steffan Karger <steffan.kar...@fox-it.com>
> wrote:
> > Our customers, as well as community users, have asked for encryption of
> > control channel packets to hide their certificate (containing perhaps
> > the users' name or organisation), or to provide some basic form of
> > post-quantum security (see e.g. trac #633).
> >
> > We've been thinking about this for a while, and would like to implement
> > such a feature.  I've attached a proposal for an extension of tls-auth
> > to achieve this in OpenVPN.  Comments and/or questions are very welcome.
> >  I hope to be able to start implementing this soon.
>
> I just pushed an experimental branch with --tls-crypt support:
> https://github.com/syzzer/openvpn/tree/tls-crypt-preview
>
> Any comments and test results are very much welcome.
>

Not qualified to comment on the implementation details, but the feature
looks very useful to have. Arguably it's too early to plan for a
post-quantum world, but encrypting control channel packets is nice.

Does this mean that --tls-crypt will imply --tls-auth with the same
key-file (or make the latter redundant)? The man-page description in the
patch appears to imply so, but it's not very clear.

Selva
------------------------------------------------------------------------------
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
