[Bug 1863749] Re: [FFe] NTRU Plugin Missing in Focal
** Merge proposal linked: https://code.launchpad.net/~paride/ubuntu/+source/strongswan/+git/strongswan/+merge/411793 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1863749 Title: [FFe] NTRU Plugin Missing in Focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1863749/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1863749] Re: [FFe] NTRU Plugin Missing in Focal
** Merge proposal linked: https://code.launchpad.net/~paride/ubuntu/+source/strongswan/+git/strongswan/+merge/408927 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1863749 Title: [FFe] NTRU Plugin Missing in Focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1863749/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1863749] Re: [FFe] NTRU Plugin Missing in Focal
** Merge proposal linked: https://code.launchpad.net/~paelzer/ubuntu/+source/strongswan/+git/strongswan/+merge/396490 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1863749 Title: [FFe] NTRU Plugin Missing in Focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1863749/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1863749] Re: [FFe] NTRU Plugin Missing in Focal
** Tags removed: server-next -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1863749 Title: [FFe] NTRU Plugin Missing in Focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1863749/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1863749] Re: [FFe] NTRU Plugin Missing in Focal
** Merge proposal unlinked: https://code.launchpad.net/~lucaskanashiro/ubuntu/+source/strongswan/+git/strongswan/+merge/383258 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1863749 Title: [FFe] NTRU Plugin Missing in Focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1863749/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1863749] Re: [FFe] NTRU Plugin Missing in Focal
** Merge proposal linked: https://code.launchpad.net/~lucaskanashiro/ubuntu/+source/strongswan/+git/strongswan/+merge/383258 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1863749 Title: [FFe] NTRU Plugin Missing in Focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1863749/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1863749] Re: [FFe] NTRU Plugin Missing in Focal
** Changed in: strongswan (Debian) Status: Unknown => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1863749 Title: [FFe] NTRU Plugin Missing in Focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1863749/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1863749] Re: [FFe] NTRU Plugin Missing in Focal
** Merge proposal unlinked: https://code.launchpad.net/~paelzer/ubuntu/+source/strongswan/+git/strongswan/+merge/380464 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1863749 Title: [FFe] NTRU Plugin Missing in Focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1863749/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1863749] Re: [FFe] NTRU Plugin Missing in Focal
** Merge proposal unlinked: https://code.launchpad.net/~paelzer/ubuntu/+source/strongswan/+git/strongswan/+merge/380464 -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1863749 Title: [FFe] NTRU Plugin Missing in Focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1863749/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1863749] Re: [FFe] NTRU Plugin Missing in Focal
** Merge proposal linked: https://code.launchpad.net/~paelzer/ubuntu/+source/strongswan/+git/strongswan/+merge/380464 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1863749 Title: [FFe] NTRU Plugin Missing in Focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1863749/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1863749] Re: [FFe] NTRU Plugin Missing in Focal
FYI - I also pinged the related Debian bug about it, such great info should be known in all places. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1863749 Title: [FFe] NTRU Plugin Missing in Focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1863749/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1863749] Re: [FFe] NTRU Plugin Missing in Focal
See bug 1866765 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1863749 Title: [FFe] NTRU Plugin Missing in Focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1863749/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1863749] Re: [FFe] NTRU Plugin Missing in Focal
Thanks Tobias, yes I'll keep NTRU and remove BLISS then. Thanks for the detailed explanation! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1863749 Title: [FFe] NTRU Plugin Missing in Focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1863749/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1863749] Re: [FFe] NTRU Plugin Missing in Focal
thanks for adding NTRU back; my old config is working again! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1863749 Title: [FFe] NTRU Plugin Missing in Focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1863749/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1863749] Re: [FFe] NTRU Plugin Missing in Focal
This bug was fixed in the package strongswan - 5.8.2-1ubuntu2 --- strongswan (5.8.2-1ubuntu2) focal; urgency=medium * re-add post-quantum computer signature scheme (BLISS) and encryption algorithm (NTRU) as well as the dependent nttfft library (LP: #1863749) - d/control: mention plugins in package description - d/rules: enable ntru and bliss at build time - d/libstrongswan-extra-plugins.install: ship config and shared objects -- Christian Ehrhardt Wed, 04 Mar 2020 07:54:26 +0100 ** Changed in: strongswan (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1863749 Title: [FFe] NTRU Plugin Missing in Focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1863749/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1863749] Re: [FFe] NTRU Plugin Missing in Focal
Enabling the bliss Plugin is probably not such a good idea. There is a potential local side-channel attack on strongSwan's BLISS implementation (https://eprint.iacr.org/2017/505). The ntru plugin should be fine. However, using NTRU with IKEv2 is not standardized (uses an algorithm identifiers from the private use range etc.). Multiple IKEv2 protocol extensions are currently being developed, for instance, additional exchanges to use fragmentation during the key exchange or using multiple and more generic key exchanges, in particular, post-quantum key encapsulation mechanisms (KEM, of which most have quite large public keys). The latter (plus signature algorithms) are currently being standardized by NIST (https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum- cryptography-standardization) and versions of NTRU are among the contenders in round 2 (https://csrc.nist.gov/projects/post-quantum- cryptography/round-2-submissions). BLISS is not, but CRYSTALS-DILITHIUM is designed by the same people. It might be a while until strongSwan supports the protocol extensions (there is a branch with a partial implementation) and especially the new algorithms (we currently use the liboqs library in said branch, https://github.com/open-quantum- safe/liboqs/). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1863749 Title: [FFe] NTRU Plugin Missing in Focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1863749/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1863749] Re: [FFe] NTRU Plugin Missing in Focal
FYI: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803787 Shows that there are more users asking for it implying that there is a real use case for Ubuntu users. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1863749 Title: [FFe] NTRU Plugin Missing in Focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1863749/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1863749] Re: [FFe] NTRU Plugin Missing in Focal
Found an older discussion while talking to the Debian maintainer. He is still unsure about enabling, but (instead of the old mass-enabling) this is a single case with an isolated use-case and reason so I want us to have it back. Along NTRU there is also Bliss to make other bits of strongswan "quantum safe". Lets re-enable that as well. This is a bit of a lottery, in the life-cycle of 20.04 ntru/bliss might become important then it is great to have it. Maybe it doesn't but then not a lot is lost. ** Bug watch added: Debian Bug tracker #803787 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803787 ** Also affects: strongswan (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803787 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1863749 Title: [FFe] NTRU Plugin Missing in Focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1863749/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1863749] Re: [FFe] NTRU Plugin Missing in Focal
Thanks Iain. Also added an MP for team review => https://code.launchpad.net/~paelzer/ubuntu/+source/strongswan/+git/strongswan/+merge/380194 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1863749 Title: [FFe] NTRU Plugin Missing in Focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1863749/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1863749] Re: [FFe] NTRU Plugin Missing in Focal
Thanks for filing - seems like something we should definitely do, so please go ahead. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1863749 Title: [FFe] NTRU Plugin Missing in Focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1863749/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1863749] Re: [FFe] NTRU Plugin Missing in Focal
** Merge proposal linked: https://code.launchpad.net/~paelzer/ubuntu/+source/strongswan/+git/strongswan/+merge/380194 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1863749 Title: [FFe] NTRU Plugin Missing in Focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1863749/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1863749] Re: [FFe] NTRU Plugin Missing in Focal
** Description changed: + [ Feature Freeze Exception ] + + * The NTRU plugin was enabled in all past releases, so if we re-enable + this actually it isn't a Feature change for upgraders. Instead if we + don't resolve this bug is a "loss of features" - therefore I'm even + unsure this would need an FFe but let us stick to the process. + + * Background: In an effort to synchronize between Debian and Ubuntu we + got many things enabled and packaged in Debian that were only in Ubuntu + before. But at the same time we disabled several plugins that are not + enabled by default and also unused according to bug/usage reports in the + past. This is such a report identifying one of our clearings being + overzealous; so I'd want to re-enable it. + + * The plugin is standardized (no experimental crap) [1] and considered + stable [2] since quite a while. + + [1]: https://wiki.strongswan.org/projects/strongswan/wiki/NTRU + [2]: https://wiki.strongswan.org/projects/strongswan/wiki/PluginList + + I'd be happy if the ubuntu-release Team could give a quick ack to my + assumptions so I can upload this to Focal once all things are in place. + + + + the post quantum Key Exchange Algo NTRU is missing in Focal on edgy is still there: # cat /etc/issue Ubuntu 19.10 \n \l # apt list | grep strongswan WARNING: apt does not have a stable CLI interface. Use with caution in scripts. libstrongswan-extra-plugins/eoan,now 5.7.2-1ubuntu3 amd64 [installed] libstrongswan-extra-plugins/eoan 5.7.2-1ubuntu3 i386 libstrongswan-standard-plugins/eoan,now 5.7.2-1ubuntu3 amd64 [installed,automatic] libstrongswan-standard-plugins/eoan 5.7.2-1ubuntu3 i386 libstrongswan/eoan,now 5.7.2-1ubuntu3 amd64 [installed,automatic] libstrongswan/eoan 5.7.2-1ubuntu3 i386 network-manager-strongswan/eoan 1.4.4-2 amd64 network-manager-strongswan/eoan 1.4.4-2 i386 strongswan-charon/eoan,now 5.7.2-1ubuntu3 amd64 [installed,automatic] strongswan-charon/eoan 5.7.2-1ubuntu3 i386 strongswan-libcharon/eoan,now 5.7.2-1ubuntu3 amd64 [installed,automatic] strongswan-libcharon/eoan 5.7.2-1ubuntu3 i386 strongswan-nm/eoan 5.7.2-1ubuntu3 amd64 strongswan-nm/eoan 5.7.2-1ubuntu3 i386 strongswan-pki/eoan 5.7.2-1ubuntu3 amd64 strongswan-pki/eoan 5.7.2-1ubuntu3 i386 strongswan-scepclient/eoan 5.7.2-1ubuntu3 amd64 strongswan-scepclient/eoan 5.7.2-1ubuntu3 i386 strongswan-starter/eoan,now 5.7.2-1ubuntu3 amd64 [installed,automatic] strongswan-starter/eoan 5.7.2-1ubuntu3 i386 strongswan-swanctl/eoan,now 5.7.2-1ubuntu3 amd64 [installed] strongswan-swanctl/eoan 5.7.2-1ubuntu3 i386 strongswan-tnc-base/eoan,eoan 5.7.2-1ubuntu3 all strongswan-tnc-client/eoan,eoan 5.7.2-1ubuntu3 all strongswan-tnc-ifmap/eoan,eoan 5.7.2-1ubuntu3 all strongswan-tnc-pdp/eoan,eoan 5.7.2-1ubuntu3 all strongswan-tnc-server/eoan,eoan 5.7.2-1ubuntu3 all strongswan/eoan,eoan,now 5.7.2-1ubuntu3 all [installed] # ipsec statusall | grep ntru - loaded plugins: charon test-vectors unbound ldap pkcs11 tpm aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm ntru bliss curl soup mysql sqlite attr kernel-netlink resolve socket-default connmark farp stroke vici updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-imc tnc-imv tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp whitelist lookip error-notify certexpire led radattr addrblock unity counters + loaded plugins: charon test-vectors unbound ldap pkcs11 tpm aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm ntru bliss curl soup mysql sqlite attr kernel-netlink resolve socket-default connmark farp stroke vici updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-imc tnc-imv tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp whitelist lookip error-notify certexpire led radattr addrblock unity counters -- but on current focal it is missing: -- # cat /etc/issue Ubuntu Focal Fossa (development branch) \n \l # apt list | grep strongswan WARNING: apt does not have a stable CLI interface. Use with caution in scripts. libstrongswan-extra-plugins/focal,now 5.8.2-1ubuntu1 amd64 [installed]
[Bug 1863749] Re: [FFe] NTRU Plugin Missing in Focal
** Summary changed: - NTRU Plugin Missing in Focal + [FFe] NTRU Plugin Missing in Focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1863749 Title: [FFe] NTRU Plugin Missing in Focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1863749/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
