[Pkg-swan-devel] Bug#803787: Info on BLISS

Christian Ehrhardt christian.ehrhardt at canonical.com
Tue Mar 10 07:01:34 GMT 2020


I recently had a discussion on this for [1][2] and enabled it in Ubuntu.
Out of that I'd want to let you know what upstream (Thanks Tobias) let me
know about it as it would matter for this bug here as well.
Quoting from [3]:

"Enabling the bliss Plugin is probably not such a good idea. There is a
potential local side-channel attack on strongSwan's BLISS implementation
(https://eprint.iacr.org/2017/505).

The ntru plugin should be fine. However, using NTRU with IKEv2 is not
standardized (uses algorithm identifiers from the private use range
etc.).

Multiple IKEv2 protocol extensions are currently being developed, for
instance, additional exchanges to use fragmentation during the key exchange
or using multiple and more generic key exchanges, in particular,
post-quantum key encapsulation mechanisms (KEM, of which most have quite
large public keys). The latter (plus signature algorithms) are currently
being standardized by NIST
(https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization)
and versions of NTRU are among the contenders in round 2
(https://csrc.nist.gov/projects/post-quantum-cryptography/round-2-submissions).
BLISS is not, but CRYSTALS-DILITHIUM is designed by the same people. It
might be a while until strongSwan supports the protocol extensions (there
is a branch with a partial implementation) and especially the new
algorithms (we currently use the liboqs library in said branch,
https://github.com/open-quantum-safe/liboqs/)."

[1]: https://salsa.debian.org/debian/strongswan/-/merge_requests/8
[2]: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1863749
[3]: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1863749/comments/14

-- 
Christian Ehrhardt
Staff Engineer, Ubuntu Server
Canonical Ltd