Re: [Cfrg] Rev RFC 7539?

John Mattsson, Mon, 14 November 2016 07:34 UTC

From: John Mattsson
To: Alexey Melnikov, Yoav Nir
Date: Mon, 14 Nov 2016 07:28:46 +0000


I think such an update should also include guidance on tag truncation (i.e. do not truncate), perhaps in the security consideration section. This was raised by Jim Schaad on the CFRG list.

I have also heard discussions on truncating Poly1305 in other places.

If there are any other clarifications regarding secure or interoperable implementations, I think they should be added as well.


From: Cfrg on behalf of Alexey Melnikov
Date: Monday, 14 November 2016 at 16:20
To: Yoav Nir
Cc: IRTF CFRG
Subject: Re: [Cfrg] Rev RFC 7539?


On 14 Nov 2016, at 15:32, Yoav Nir wrote:


RFC 7539 (“ChaCha20 and Poly1305 for IETF Protocols”)[1] is now implemented in many places and referenced by 3 RFCs and 8 Internet Drafts ([2]).

However, the quality of the document is not where we’d like it to be. There have been 7 errata filed against it. Most of it is editorial or insignificant, but still no errata is better than some errata.

So what do the participants and chairs think about spinning up a quick[4] rfc7539bis that has the same text, except that the errata will be merged in?

This chair thinks it is a good idea.

I think such a document should be fairly easy and quick.


P.S: and yes, of course I’m volunteering to write it.

[4] My spell check actually corrected “quick” to “quic”. The contents of my mails are veering far away from regular English.
