linux-crypto.vger.kernel.org archive mirror
From: Jordan Glover <Golden_Miller83@protonmail.ch>
To: Pascal Van Leeuwen <pvanleeuwen@insidesecure.com>
Cc: Vitaly Chikunov <vt@altlinux.org>,
	Eric Biggers <ebiggers@kernel.org>, Theodore Ts'o <tytso@mit.edu>,
	"Jason A. Donenfeld" <Jason@zx2c4.com>,
	"herbert@gondor.apana.org.au" <herbert@gondor.apana.org.au>,
	"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>
Subject: RE: Should we consider removing Streebog from the Linux Kernel?
Date: Mon, 01 Apr 2019 12:43:43 +0000
Message-ID: <OJkrC5IricS5LhN9uJ9JiwWokxLRVb4H4vsNhDFd9Hu-GCOamv7V_QAwvyt8LP-wH43TIuPljaDqhAX2xMcksfya7e_HCbh095uq9azRRYY=@protonmail.ch>
In-Reply-To: <AM5PR0901MB115597BC2754E1B388AF15F2D2550@AM5PR0901MB1155.eurprd09.prod.outlook.com>

On Monday, April 1, 2019 11:44 AM, Pascal Van Leeuwen <pvanleeuwen@insidesecure.com> wrote:

> > On Monday, April 1, 2019 10:04 AM, Vitaly Chikunov <vt@altlinux.org> wrote:
> >
> > > > Can you elaborate on why you want to use Streebog? When we added
> > > > Speck, we explained in great detail why it was useful from a
> > > > technical perspective (before Adiantum was ready). I don't see any such
> > > > explanation for Streebog.
> > >
> > > Our users demand that file integrity is implemented using their
> > > national standard algorithm.
> > > Thanks,
> >
> > Does it mean that every state can demand that the Linux kernel carry crypto
> > algorithms of their choice?
>
> I doubt that states can have that kind of leverage over the main Linux kernel,
> but they DO have that kind of leverage over local companies and individuals.
> And it is not uncommon for states not to trust any "western" crypto and
> mandate(!) the use of specific home-grown algorithms instead.
> So if you need to facilitate such requirements from your device incorporating
> Linux, it's terribly convenient for those algorithms to be part of the mainline kernel.
> As the alternative would be to either maintain those outside of the kernel tree
> or to fork the kernel in its entirety, considering you must support them.
>

So if they have leverage over companies and individuals they have leverage over
the Linux kernel too :)

I wonder what will be the limits of this leverage. Imagine some state (eastern or
western, north or south) starts to require using backdoored crypto because they
don't trust something they can't break. Will the Linux kernel comply?

> i.e. you can't blame them for trying ... and what WOULD be a good reason for
> including a certain algorithm anyway?
>

Technical soundness and problems it solves. Speck was already given as an example.
It was needed due to performance constraints on lower-end devices and when it
wasn't needed anymore it was thrown to the bin.

> Regards,
> Pascal, HW Security Architect

Jordan


Thread overview: 7+ messages
2019-03-25  4:45 Should we consider removing Streebog from the Linux Kernel? Theodore Ts'o
2019-03-25  6:00 ` Vitaly Chikunov
2019-03-31 22:43   ` Eric Biggers
2019-04-01 10:04     ` Vitaly Chikunov
2019-04-01 10:51       ` Jordan Glover
2019-04-01 11:44         ` Pascal Van Leeuwen
2019-04-01 12:43           ` Jordan Glover [this message]
