Date: Sun, 21 Mar 2021 12:42:18 +1100 From: Dewayne Geraghty <dewayne@heuristicsystems.com.au> To: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: IPSEC loosing camellia in IPSEC on FreeBSD13? Message-ID: <d9817733-7cd0-6b76-eaf8-5ea3c17bb8b3@heuristicsystems.com.au>
next in thread | raw e-mail | index | archive | help
For those that skim release notes, https://www.freebsd.org/releases/13.0R/relnotes/ I noticed that FreeBSD13 drops from IPSEC: - some integrity checks as well as blowfish, cast128, des, des3 & variants AND camellia. From my stable/12 "man setkey" this leaves ciphers: null, aes-cbc, aes-ctr and aes-gcm16. Apparently the reason is that it wasn't mentioned in RFC8221, while section 1.2 states "As a result, any algorithm listed at the IPsec IANA registry that is not mentioned in this document MAY be implemented." it goes on to explain what must not be used. (Camellia is not part of that list) Camellia does appear in the IANA registry https://www.iana.org/assignments/isakmp-registry/isakmp-registry.xhtml#isakmp-registry-9 Can anyone help me to understand why camellia should be removed? On a purely number of rounds basis, camellia is better. Both AES and camellia use S boxes, camellia uses 18 rounds for 128b keys and 24 rounds on 192 and 256 bit keys, while commercial/public AES-128 uses 10 rounds and AES-256 14 rounds. FreeBSD is better by having more choice of ciphers and somewhat ahead of the pack (rfc4312 (Camellia use with ipsec)). Ref: https://cgit.freebsd.org/src/commit/?id=16aabb761c0a PS And yes I use IPSEC with camellia between FreeBSD boxes and I was planning on upgrading some old internet facing systems. Twofish would be better ;)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d9817733-7cd0-6b76-eaf8-5ea3c17bb8b3>