I’ve been finishing up an initial version of support for the OpenSSH
variant of RFC 5647, and while I can’t seem to find any real
implementations of the spec, several programs seem to support the OpenSSH
variant. Upon reading the relevant RFC, I noticed that the cipher namespace
is open based on domain names.

At the same time, I see that OpenSSH proposed a new cipher based on
ChaCha20-Poly1305, and one of the interesting changes in that was
encrypting the packet length again, which wasn’t possible in 5647. Since
supporting properly hardware-accelerated ChaCha/Poly is likely only
available in Java 11, I was wondering if perhaps we could propose a sort of
updated AES/GCM cipher using a similar key derivation strategy used there?
I ask this mainly because it could essentially come “for free” while
implementing the ChaCha version as the code path would be the same.

Also, if an idea were acceptable, would it be better to use @mina.apache.org
or just @apache.org in the cipher name?
-- 
Matt Sicker <boa...@gmail.com>
