disable BLISS for known side-channel attack
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
strongswan (Ubuntu) | Fix Released | High | Unassigned |
Bug Description
While enabling NTRU (that was ok) I thought I should also enable BLISS which is for the same post-quantum use cases. See bug 1863749.
But I got some information from upstream there:
Tobias Brunner (tobias-strongswan) wrote on 2020-03-05: #14
Enabling the bliss Plugin is probably not such a good idea. There is a potential local side-channel attack on strongSwan's BLISS implementation (https:/
The ntru plugin should be fine. However, using NTRU with IKEv2 is not standardized (uses algorithm identifiers from the private use range etc.).
Multiple IKEv2 protocol extensions are currently being developed, for instance, additional exchanges to use fragmentation during the key exchange or using multiple and more generic key exchanges, in particular, post-quantum key encapsulation mechanisms (KEM, of which most have quite large public keys). The latter (plus signature algorithms) are currently being standardized by NIST (https:/
---
Based on that, let's drop BLISS again and keep just NTRU.
Related branches
- Andreas Hasenack: Approve
- Canonical Server: Pending requested
- git-ubuntu developers: Pending requested
Diff: 83 lines (+8/-9), 4 files modified
- debian/changelog (+8/-0)
- debian/control (+0/-3)
- debian/libstrongswan-extra-plugins.install (+0/-5)
- debian/rules (+0/-1)
Just four days in the past this was disabled, and we will now disable it again.
Let's keep the release team working on important things and not file an FFe (again) for changing this.