Re: [IPsec] ChaCha20 + Poly1305 for IKE and IPsec

Paul Wouters <paul@nohats.ca> Thu, 26 February 2015 14:48 UTC

Date: Thu, 26 Feb 2015 09:48:07 -0500
From: Paul Wouters <paul@nohats.ca>
To: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <798DAF77-94CB-4AF4-AECC-5039808F147F@gmail.com>
Message-ID: <alpine.LFD.2.10.1502260933310.28451@bofh.nohats.ca>
References: <798DAF77-94CB-4AF4-AECC-5039808F147F@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipsec/mdNlZk_qr4tK_FiQwhd6WjgWwUg>
Cc: IPsecME WG <ipsec@ietf.org>
Subject: Re: [IPsec] ChaCha20 + Poly1305 for IKE and IPsec

On Tue, 24 Feb 2015, Yoav Nir wrote:

> In the meantime, I have updated my draft to only define the AEAD. Since we now have CFRG’s “stamp of approval” if not yet an RFC number,
> I would like to renew my request to have the ChaCha20+Poly1305 for IKE and IPsec document [2] accepted by this working group with the
> intent of having it published as a standards-track document.

I am in favour of adopting this document for the WG.

> [2] https://tools.ietf.org/html/draft-nir-ipsecme-chacha20-poly1305-05

Can we rename ESP_ChaCha20-Poly1305 to ESP_ChaCha20_Poly1305 ? That
allows implementors to match the literal IANA string into C-code, which
does not allow a "-" symbol.

    The problem is that if future advances in cryptanalysis reveal a
    weakness in AES, VPN users will be in an unenviable position.  With
    the only other widely supported cipher being the much slower 3DES,

I'm not sure if that is completely true. We do have Camellia, although
I'm not a cryptographer and it might be too similar to AES. So I still
agree with the sentiment of the text.

    The length of the ciphertext as a 32-bit network order quantity.

Can we clarify the number of octets used here without needing to go into
another reference document?

I kind of dislike using HMAC-SHA-256 but I understand we don't have much
choice right now:

https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10#section-2.7

Although perhaps we can go back to CFRG and ask if they can give us
something that is not based on the SHA2 family?

I have no strong opinions about Diffie-Hellman groups.

Paul