“How more work can there be?”
@tedu You might be missing the word “much” in there…unless that was an intentional but subtle joke about things being almost done, or an even more subtle compression joke of some kind.
LibreSSL integrated the draft chacha20-poly1305 construction from BoringSSL. The IETF has since standardized a slightly different version because if it were the same it wouldn’t be different. Support for standard variant, and the beginning of deprecation for the existing code, should be landing very shortly. Incidentally, some people got bent out of shape because shipping chacha20 meant exposing non IANA approved numbers to Internet. No promises that won’t happen again.
What he means by that?
I think what is meant is: both ends of an SSH connection have to swap lists of what encryption algorithms they accept/support so that they can agree on mutually acceptable encryption. On the wire, each encryption algorithm that SSH can use is denoted by a number, not a text string. For the SSH protocol, there is an agency (IANA) that governs handing out of numbers, and everybody is supposed to heed their rulings so that nobody ends up accidentally trying to use the same number to denote two different algorithms. I think the LibreSSL people started using chacha20 and picked a number for it without getting a number assigned for it from IANA first, so in there’s a tiny risk that if anybody else was making up their own numbers for algorithms too, there could be a collision since neither party is talking to each other via IANA.
I haven’t checked all of the above so I might be wrong on some point.
[Comment removed by author]
Oops! Thank you for the correction. I did indeed mean “TLS” everywhere I wrote “SSL” in the above.
That’s pretty much it, though Google picked the numbers, not us.