igorbarshteyn / oqs-openssl-quic

A fork of Open Quantum Safe Project's fork of OpenSSL 1.1.1m, which adds QUIC protocol support from the quictls project.

Improvements Roadmap #4

Open igorbarshteyn opened 2 years ago

igorbarshteyn commented 2 years ago

In no particular order, things that would be nice to do, based on the work done so far and what is ongoing:

1) Diagnose and repair issues around certificate generation with quantum-safe signatures (only some signatures work to generate certificates - find out why). Ongoing work in Issue #1
2) Replace LSQUIC client with MSQUIC library and its associated client written in C, for testing (per Michael Baentsch @ OQS team). Ongoing work in Issue #2
3) Replace Wireshark development PPA with Wireshark version produced by WolfSSL/OQS teams, which can identify quantum-safe KEMs in QUIC packets (per Anthony Hu @ WolfSSL).
4) Rebuild oqs-openssl-quic using the latest snapshot release of oqs-openssl referencing OpenSSL 1.1.1m (instead of the 12/21 oqs-openssl release candidate). Document the git cherry-pick commands used; avoid use of meld to resolve documentation conflicts (the only conflicts in original build were in README.md files). Instruct cherry-pick to err on the side of quictls commits.

--Igor
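An added example for item 4, not part of the original issue or the project's own scripts: one way to let a cherry-pick favour the picked (quictls) commit only when every conflict is in a README.md, and abort if any code file conflicts. The helper names `pick_docs_theirs` and `make_demo_repo`, the branch names and the file contents are assumptions constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example. pick_docs_theirs and make_demo_repo are hypothetical helpers.

# Cherry-pick <commit> into <repo>. Conflicts are auto-resolved in favour of the
# picked commit only when every conflicted path is a README.md; otherwise abort.
pick_docs_theirs() {
  local repo=$1 commit=$2 conflicted f
  # -x records the source commit id in the message, documenting the pick.
  if git -C "$repo" cherry-pick -x "$commit" >/dev/null 2>&1; then
    echo "clean"; return 0
  fi
  conflicted=$(git -C "$repo" diff --name-only --diff-filter=U)
  if [ -z "$conflicted" ]; then          # failed for a reason other than a conflict
    git -C "$repo" cherry-pick --abort >/dev/null 2>&1 || true
    echo "failed"; return 2
  fi
  for f in $conflicted; do               # assumes paths without whitespace
    if [ "$(basename "$f")" != "README.md" ]; then
      git -C "$repo" cherry-pick --abort; echo "aborted:$f"; return 1
    fi
  done
  for f in $conflicted; do
    git -C "$repo" checkout -q --theirs -- "$f"   # "theirs" = the picked commit
    git -C "$repo" add -- "$f"
  done
  GIT_EDITOR=true git -C "$repo" cherry-pick --continue >/dev/null
  echo "resolved-docs"
}

# Constructed sample history: branch "oqs" and branch "quictls" diverge from one
# base commit; both edit README.md and ssl.c. Prints the repository path.
make_demo_repo() {
  local r; r=$(mktemp -d)
  git -C "$r" init -q
  git -C "$r" config user.name demo
  git -C "$r" config user.email demo@example.invalid
  git -C "$r" symbolic-ref HEAD refs/heads/oqs
  printf 'base\n' > "$r/README.md"; printf 'int x;\n' > "$r/ssl.c"
  git -C "$r" add .; git -C "$r" commit -qm base
  git -C "$r" branch quictls
  printf 'oqs readme\n' > "$r/README.md"; printf 'int oqs;\n' > "$r/ssl.c"
  git -C "$r" commit -qam oqs-changes
  git -C "$r" checkout -q quictls
  printf 'quictls readme\n' > "$r/README.md"; printf 'int quic;\n' > "$r/quic.c"
  git -C "$r" add .; git -C "$r" commit -qm quic-doc-and-new-file
  printf 'int quic2;\n' > "$r/ssl.c"; git -C "$r" commit -qam quic-code
  git -C "$r" checkout -q oqs
  echo "$r"
}
```

In the demo history, picking `quictls~1` conflicts only in README.md and is resolved to the quictls text, while picking `quictls` conflicts in ssl.c and is aborted for manual review.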

baentsch commented 2 years ago

Sounds like a good list -- why, though, are these not separate issues (to be worked on)? Well 1&2 already are. Item 4 would be a great separate issue and excellent to resolve: I'd "dream of" a script always lifting oqs-openssl to the latest oqs-quic-openssl (e.g., whenever oqs-openssl has merged a new upstream openssl tag and quic-openssl has done the same).

igorbarshteyn commented 2 years ago

I'm still new to GitHub :) so not super-familiar with the conventions of running things around here. I opened this particular issue as a list of things that are either ongoing improvements, or nice-to-haves. I think after we tackle #2 and #1, I can open the other two issues and start working on those, time permitting. I agree a script to automatically add QUIC support to any given version of oqs-openssl would be a good end-stage goal, once we work the other bugs out. I'll keep this list going and will update it periodically to include any ongoing or planned fixes or improvements, and to link to existing open issues corresponding to that work.