| | 117 | |
| | 118 | === The way forward for NCP === |
| | 119 | |
| | 120 | Arne and Steffan discussed, conluded: |
| | 121 | 1. It's time to implement actual negotiation. Would be nice to get into 2.5, but will not block a 2.5 release. |
| | 122 | 2. Client will still send `IV_NCP=2`, but add `IV_NCP_CIPHERS=`<colon-separated-cipher-list> (e.g. `IV_NCP_CIPHERS=AES-256-GCM:AES-128-GCM`) |
| | 123 | 3. Server will select a cipher based on the server cipher lists preferences. I.e. the server will push the first cipher in it's local `--ncp-ciphers` list that's also listed in the client's `IV_NCP_CIPHERS`. |
| | 124 | 4. For now, both client and server remain required to support `AES-128-GCM` and `AES-256-GCM` to do NCP. |
| | 125 | 5. At some point, the client will no longer send `IV_NCP`, but just `IV_NCP_CIPHERS`. From then on, supporting the AES-GCM ciphers is no longer needed. |
