[IPsec] ChaCha20 & Poly1305, AEAD and other modes

Yoav Nir <ynir.ietf@gmail.com> Sun, 09 March 2014 15:03 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 0CACF1A035F for <ipsec@ietfa.amsl.com>; Sun, 9 Mar 2014 08:03:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id ng2mp8JujObb for <ipsec@ietfa.amsl.com>; Sun, 9 Mar 2014 08:03:13 -0700 (PDT)
Received: from mail-wg0-x22d.google.com (mail-wg0-x22d.google.com [IPv6:2a00:1450:400c:c00::22d]) by ietfa.amsl.com (Postfix) with ESMTP id A6E081A0265 for <ipsec@ietf.org>; Sun, 9 Mar 2014 08:03:12 -0700 (PDT)
Received: by mail-wg0-f45.google.com with SMTP id l18so6895688wgh.28 for <ipsec@ietf.org>; Sun, 09 Mar 2014 08:03:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=8wB4bzmTYClOn9Zv+Vqf1OK7hNx1zgAqSjEAET2K0N0=; b=QiMZgxE7BQvR1uWp4cc01btg0272Ne1ysYbpkTBfx509cu5eENYM9kOGRbJgKgviUs MkmzFY/cH08rBWTLuJZB0OVE7sykS2i+ADtjEpTEhh+E+oKk/ThTzaAT3pFkFt3oMe+9 Gp6NfiQugyrpLlr6WwbhEVyuGfb2Tums4ibW3z8HWBthNAWGoktd2rRo53rImWNEEbir woEfKcX2NTs9isszaCLbIfjHHg3syhPY3Vy4xri+dP/o95qpnp10b20W/doCYg7MqdVP hkWlc/yBwzf+0VTJnByGLKI35WgvrsdjKwSyaHb/J1odXTHcJAZA12OrjNV5adgfGgvo pWCA==
MIME-Version: 1.0
X-Received: by with SMTP id mv11mr4811365wic.44.1394377387252; Sun, 09 Mar 2014 08:03:07 -0700 (PDT)
Received: by with HTTP; Sun, 9 Mar 2014 08:03:07 -0700 (PDT)
Date: Sun, 9 Mar 2014 17:03:07 +0200
Message-ID: <CAGvU-a619O9AGJcwod3uYXKNnBRhcWdZdBnoqnmuDECPHnX-6A@mail.gmail.com>
From: Yoav Nir <ynir.ietf@gmail.com>
To: ipsec <ipsec@ietf.org>
Content-Type: multipart/alternative; boundary=001a11c25d36d99f9104f42dc857
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/u9Ktj4Pagl-I0x9aD2GtCwW_sgM
Subject: [IPsec] ChaCha20 & Poly1305, AEAD and other modes
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Mar 2014 15:03:14 -0000


draft-nir-ipsecme-chacha20-poly1305 currently specifies three transforms:

   1. chacha20 as a stand-alone cipher
   2. Poly1305 as a stand-alone MAC
   3. ChaCha20-Poly1305 as an AEAD.

Some people in the room said that we should only do the AEAD and skip the
stand-alone algorithms. This would prevent SAs with combinations such as
ChaCha20 + HMAC-SHA1 or AES-128-CBC + Poly1305.

I'm not saying whether we need or don't need these combinations. I don't
see much use for them personally. My question to the list now is whether
everyone agrees that it's fine to drop them and leave only the combined
mode algorithm in the draft.