[Cryptography] IPsec DH parameters, other flaws
Christian Huitema
huitema at huitema.net
Mon Nov 23 12:30:27 EST 2020
On 11/23/2020 12:00 AM, jrzx via cryptography wrote:
>> While QUIC started as a Google project, it is being standardized in the
>> IETF. There are several independent implementations of QUIC, by Apple,
>> Microsoft, Mozilla, Cloudflare and many others, including mine. They are
>> not "married to the Google code base".
> Does your implementation use OpenSSL, or Google's fork of OpenSSL?
It uses PicoTLS, a from-the-ground-up implementation of TLS 1.3 by
Kazuho Ohu -- https://github.com/h2o/picotls. Picotls allows for a
variety of implementation of the crypto algorithms, including libcrypto
from OpenSSL, a "fusion" implementation of AES-GCM developed by Kazuho,
and a "mini crypto" implementation using cifra
<https://github.com/ctz/cifra> for most crypto and micro-ecc
<https://github.com/kmackay/micro-ecc> for secp256r1.
As noted by Rich Saltz, different implementations use different
implementations of TLS and different crypto libraries. Some use a forked
branch of OpenSSL in which the API required by QUIC were added. The
Microsoft implementation uses S-Channel or MiTLS from MSR. The Google
implementation and some others use BoringSSL. Mozilla use their own
library. Some implementations use rusttls. A few implementations allow
developers to choose between OpenSSL, LibreSSL, etc.
> Where is your implementation?
https://github.com/private-octopus/picoquic/
The list of implementations is at
https://github.com/quicwg/base-drafts/wiki/Implementations.
The results of the automated interop testing set by Marten Seeman are at
https://interop.seemann.io/. The results from manual interop testing
conducted periodically are at
https://docs.google.com/spreadsheets/d/1D0tW89vOoaScs3IY9RGC0UesWGAwE6xyLk0l4JtvTVg/edit#gid=1991873121.
That spreadsheet includes tabs for the interop that have been going on
since 2017. Interop testing was one of the basic tools of protocol
development.
-- Christian Huitema
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20201123/a5e1c252/attachment.htm>
More information about the cryptography
mailing list