Re: [IPsec] Ben Campbell's No Objection on draft-ietf-ipsecme-chacha20-poly1305-11: (with COMMENT)
Yoav Nir <ynir.ietf@gmail.com> Wed, 08 July 2015 05:48 UTC
Return-Path: <ynir.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 637741B30DA; Tue, 7 Jul 2015 22:48:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.3
X-Spam-Level:
X-Spam-Status: No, score=0.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, MANGLED_LIST=2.3, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U8biFy0Hubm9; Tue, 7 Jul 2015 22:48:25 -0700 (PDT)
Received: from mail-wi0-x235.google.com (mail-wi0-x235.google.com [IPv6:2a00:1450:400c:c05::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0CF011B30D7; Tue, 7 Jul 2015 22:48:25 -0700 (PDT)
Received: by wiga1 with SMTP id a1so274716120wig.0; Tue, 07 Jul 2015 22:48:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=78PQjYIn6Ordkv8LfAlHZjdrJ6TKTw5kEsPtgQ4JvkE=; b=bEWCspfnXHFMraOCc90eaKczZBGr0YnWqgcAJeXEbYmiWtetchGxamua+KFpjDlC3/ yifLcsK8ip5mu7YDSQHXUOIrPk/3CBJCn4UJqLEJJpm7npM6YKNRPGUfo6hEPijBNJFY CXs8zMm3gNKrn0j+dw/aEq+5jLDU5nEkwgmMRwwvhmFnu1b/3ACXqX4v7xT/9pyeSYPQ gER4aznMEzhwmfmwXD4DyN4N7xAMaqgSVU8vZu3QBytuZRRysvt8iabCst4XaAA66u35 9IcQN+pBoaSY2mw4EIKksqA19p30WR1jbjsqFf6Vw6N8E2LgOxfYxMSSwwStL+V1Ss+M XTSA==
X-Received: by 10.180.100.74 with SMTP id ew10mr112517991wib.12.1436334503736; Tue, 07 Jul 2015 22:48:23 -0700 (PDT)
Received: from yoavs-mbp.mshome.net ([176.12.138.59]) by smtp.gmail.com with ESMTPSA id fa8sm981603wib.14.2015.07.07.22.48.21 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 07 Jul 2015 22:48:23 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2102\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <20150708025103.26310.85795.idtracker@ietfa.amsl.com>
Date: Wed, 08 Jul 2015 08:48:19 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <3EB0C363-2CA1-4D95-8988-49C4FF71C084@gmail.com>
References: <20150708025103.26310.85795.idtracker@ietfa.amsl.com>
To: Ben Campbell <ben@nostrum.com>
X-Mailer: Apple Mail (2.2102)
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipsec/nYDk5YNL-Ojz_76Z4MteyC5sIDc>
Cc: ipsecme-chairs@ietf.org, draft-ietf-ipsecme-chacha20-poly1305@ietf.org, Paul Hoffman <paul.hoffman@vpnc.org>, ipsec@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-ipsecme-chacha20-poly1305.ad@ietf.org, draft-ietf-ipsecme-chacha20-poly1305.shepherd@ietf.org
Subject: Re: [IPsec] Ben Campbell's No Objection on draft-ietf-ipsecme-chacha20-poly1305-11: (with COMMENT)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Jul 2015 05:48:26 -0000
Hi, Ben. See below > On Jul 8, 2015, at 5:51 AM, Ben Campbell <ben@nostrum.com> wrote: > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > This is easier than usual to read for this sort of draft :-) > > -- Section 1, 1st paragraph: > I concur with Stephen's comment. Furthermore, this entire paragraph > pretty much reads like advertising copy. Can it be toned down a bit? As I replied to Stephen, I think the text is factual. Perhaps a more toned-down version could be something like this: The Advanced Encryption Standard (AES - [FIPS-197]) has become the go-to algorithm for encryption. It is not the most commonly used algorithm in many areas, including IPsec VPNs. On most modern platforms AES is anywhere from 4x to 10x as fast as the previous popular cipher, 3-key Data Encryption Standard (3DES - [SP800-67]). 3DES also has a 64-bit block, which means that the amount of data that can be encrypted before rekeying is required is not great. These reasons make AES not only the best choice, but the only choice. > -- 8.1 (Normative References) > > The reference to [RFC7539] is a normative downref. I don't see it on the > downref registry, nor was it mentioned in the last call notice. (For the > record, I think it's a reasonable downref.) Yes, it should have been pointed out. RFC 7539 was written specifically to serve as a reference for this and the TLS document (and any future documents anyone might want to write about SSH, S/Mime, etc.) Yoav