From owner-freebsd-arch@freebsd.org Wed May 8 23:20:23 2019
Subject: Re: Deprecating crypto algorithms in the kernel
To: Benjamin Kaduk
Cc: arch@freebsd.org
References: <41ed59c2-f06c-710b-0e77-3b78add85ca3@FreeBSD.org> <245B376C-F79C-4615-8021-6692EE58CE60@gid.co.uk> <20190507170115.GI19509@kduck.mit.edu>
From: John Baldwin
Message-ID: <41d11a3a-463c-941a-e66f-035a6e3fc7b3@FreeBSD.org>
Date: Wed, 8 May 2019 16:20:18 -0700
In-Reply-To: <20190507170115.GI19509@kduck.mit.edu>

On 5/7/19 10:01 AM, Benjamin Kaduk wrote:
>>> On 7 May 2019, at 02:13, John Baldwin wrote:
>>>
>>> commit 28ee9a2b109251829e940660b53a3551e70b720b
>>> Author: John Baldwin
>>> Date:   Mon May 6 15:48:24 2019 -0700
>>>
>>>     Add deprecation warnings for IPsec algorithms deprecated in RFC 8221.
>>>
>>>     All of these algorithms are either explicitly marked MUST NOT, or they are
>>>     implicitly MUST NOTs by virtue of not being included in IETF's list of
>>>     protocols at all despite having assignments from IANA.
>
> [see below]
>
>>>     Specifically, this adds warnings for the following ciphers:
>>>     - des-cbc
>>>     - blowfish-cbc
>>>     - cast128-cbc
>>>     - des-deriv
>>>     - des-32iv
>>>     - camellia-cbc
>
> AFAIK Camellia is not bad per se, just not implemented/used much outside of
> Japan.
>
> For IETF protocols, it mostly got specified via Informational documents and
> not Standards-Track ones, since many people thought AES/etc. were fine.

Yes, I chose to not deprecate Camellia and ripemd160 in geli since it did
seem to just be less popular rather than "new use actively discouraged".
Do you think it might be worth letting it remain in IPsec?  Similarly for
ripemd160?

>>> commit dcd2c0a4a4e5a82f7cec2fc7e77e9356c1125765
>>> Author: John Baldwin
>>> Date:   Mon May 6 17:39:56 2019 -0700
>>>
>>>     Add deprecation warnings for weaker algorithms to geli(4).
>>>
>>>     - Triple DES has been formally deprecated in Kerberos (RFC 8429)
>>>       and is soon to be deprecated in IPsec (RFC 8221).  It is generally
>>>       considered a weak cipher.
>
> Nitpicking the wording: it's not so much that it's weak per se (even
> single-DES is just falling to the 56-bit brute-force attack, and I think
> triple-DES still basically holds the expected 112-bit strength), but it's
> quite slow and has a 64-bit block size, which increases the risk of
> birthday collisions.  I'm all for replacing/removing it, but mostly not
> because I think it's "weak".

Ok, I will drop that sentence.

-- 
John Baldwin
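The 64-bit block size point in Ben's nitpick, worked through as an added example (mine, not code from the thread or from FreeBSD): the birthday-bound arithmetic that caps how much data a 64-bit block cipher such as 3DES or Blowfish can safely encrypt under one key, next to the same bound for a 128-bit cipher like AES. The function names, the cipher table and the 2^-20 rekey budget are my assumptions.

```python
import math


def collision_probability(n_blocks: int, block_bits: int) -> float:
    """Birthday approximation for the chance that at least two of n_blocks
    uniformly random b-bit blocks coincide:  p ~= 1 - exp(-n(n-1) / 2^(b+1)).
    In CBC mode a ciphertext-block collision leaks the XOR of the two
    corresponding plaintext blocks, which is why the bound matters."""
    return 1.0 - math.exp(-n_blocks * (n_blocks - 1) / 2.0 ** (block_bits + 1))


def blocks_for_probability(p: float, block_bits: int) -> int:
    """Invert the approximation: the block count at which the collision
    probability first reaches p, n ~= sqrt(2 * 2^b * ln(1 / (1 - p)))."""
    return math.ceil(math.sqrt(2.0 * 2.0 ** block_bits * math.log(1.0 / (1.0 - p))))


def bytes_for_probability(p: float, block_bits: int) -> int:
    """The same bound expressed as plaintext bytes encrypted under one key."""
    return blocks_for_probability(p, block_bits) * (block_bits // 8)


def rekey_limit_bytes(block_bits: int, max_p: float = 2.0 ** -20) -> int:
    """Constructed policy knob: bytes allowed under one key before the
    collision probability exceeds max_p (2^-20 is an assumed budget,
    not a figure from the thread)."""
    return bytes_for_probability(max_p, block_bits)


# Block sizes in bits; the table is constructed for this example.
CIPHERS = {"3des-cbc": 64, "blowfish-cbc": 64, "aes-cbc": 128}


def report() -> dict:
    """Per cipher: (bytes until a 50% collision chance, rekey limit in bytes)."""
    return {name: (bytes_for_probability(0.5, bits), rekey_limit_bytes(bits))
            for name, bits in CIPHERS.items()}


if __name__ == "__main__":
    for name, (half, limit) in report().items():
        print(f"{name:14s} 50% collision after {half / 2 ** 30:10.1f} GiB; "
              f"rekey before {limit / 2 ** 20:12.1f} MiB")
```

For the 64-bit ciphers the 50% mark lands at roughly 38 GiB under a single key, and the assumed 2^-20 budget is exhausted after about 45 MiB, which is why a 64-bit block is a throughput problem even when the key length is not.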