Re: [IPsec] Stephen Farrell's Yes on draft-ietf-ipsecme-chacha20-poly1305-11: (with COMMENT)
Yoav Nir <ynir.ietf@gmail.com> Thu, 09 July 2015 07:51 UTC
Return-Path: <ynir.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 612E21ACC85; Thu, 9 Jul 2015 00:51:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o_zigV3v9d_a; Thu, 9 Jul 2015 00:51:41 -0700 (PDT)
Received: from mail-wg0-x22e.google.com (mail-wg0-x22e.google.com [IPv6:2a00:1450:400c:c00::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D82D21ACC83; Thu, 9 Jul 2015 00:51:40 -0700 (PDT)
Received: by wgov12 with SMTP id v12so31206140wgo.1; Thu, 09 Jul 2015 00:51:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=EQcWw8xrAQzFrpVeOihqeS/cmHfaIgLHCjC79M5FrGw=; b=DvwLjAePu/zJTyuFp1VmISp6uzFv4Aep7MJE3UOLXueki/dOBQAfQE3YjuVxLEwZKk h7mH3aiS/2Sne8XRD+o2Vppquy6a8c6M4ttoSu2rqIhN4RQIs54vHiQ2PVLPNcjS+7oT QfnfG3iu5k+7ZYVp2nnwl4wIQ1w6PooYycl7ulw7sCRsXKAXCnTccQOgk4wrWHvKlhH0 mX19V+eT8afe5OZDFPil9T0/ax7dw9kky6f6hdBw8PWn2cgtBWziFEdBsn/6qHBx8fSq WOEcoXaQxi5l3IGIxma9k0Y8uBU432vuArwm49G5uqtK/oJREkfvf9gNOFiBgLHVzmsR s1fw==
X-Received: by 10.180.11.105 with SMTP id p9mr3997912wib.79.1436428298817; Thu, 09 Jul 2015 00:51:38 -0700 (PDT)
Received: from [172.24.250.202] (dyn32-131.checkpoint.com. [194.29.32.131]) by smtp.gmail.com with ESMTPSA id pd7sm7358184wjb.27.2015.07.09.00.51.36 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 09 Jul 2015 00:51:38 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2102\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <559D2B09.7060909@cs.tcd.ie>
Date: Thu, 09 Jul 2015 10:51:35 +0300
Content-Transfer-Encoding: 7bit
Message-Id: <69B0584C-54F3-42FF-935C-D76D96DD1699@gmail.com>
References: <20150707231501.2664.3995.idtracker@ietfa.amsl.com> <B7841E74-01F5-4E8F-A74F-3408F78DF10A@gmail.com> <559CCED6.3050403@cs.tcd.ie> <6D8B7104-F696-47EA-ABA1-9634B97B2184@nohats.ca> <559D2B09.7060909@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.2102)
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipsec/ujSbkqovX0gbearbb0KqPrQMtuU>
Cc: "ipsecme-chairs@ietf.org" <ipsecme-chairs@ietf.org>, "draft-ietf-ipsecme-chacha20-poly1305@ietf.org" <draft-ietf-ipsecme-chacha20-poly1305@ietf.org>, Paul Hoffman <paul.hoffman@vpnc.org>, "ipsec@ietf.org" <ipsec@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-ipsecme-chacha20-poly1305.ad@ietf.org" <draft-ietf-ipsecme-chacha20-poly1305.ad@ietf.org>, Paul Wouters <paul@nohats.ca>, "draft-ietf-ipsecme-chacha20-poly1305.shepherd@ietf.org" <draft-ietf-ipsecme-chacha20-poly1305.shepherd@ietf.org>
Subject: Re: [IPsec] Stephen Farrell's Yes on draft-ietf-ipsecme-chacha20-poly1305-11: (with COMMENT)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Jul 2015 07:51:42 -0000
So, how about replacing the first two paragraphs? OLD: The Advanced Encryption Standard (AES - [FIPS-197]) has become the gold standard in encryption. Its efficient design, wide implementation, and hardware support allow for high performance in many areas, including IPsec VPNs. On most modern platforms, AES is anywhere from 4x to 10x as fast as the previous most-used cipher, 3-key Data Encryption Standard (3DES - [SP800-67]). 3DES also has a 64-bit block, which means that the amount of data that can be encrypted before rekeying is required is not great. These reasons make AES not only the best choice, but the only choice. The problem is that if future advances in cryptanalysis reveal a weakness in AES, VPN users will be in an unenviable position. With the only other widely supported cipher being the much slower 3DES, it is not feasible to re-configure IPsec installations away from AES. [standby-cipher] describes this issue and the need for a standby cipher in greater detail. NEW: The Advanced Encryption Standard (AES - [FIPS-197]) has become the go-to algorithm for encryption. It is now the most commonly used algorithm in many areas, including IPsec virtual private networks (VPN). On most modern platforms AES is anywhere from 4x to 10x as fast as the previous popular cipher, 3-key Data Encryption Standard (3DES - [SP800-67]). 3DES also uses a 64-bit block, which means that the amount of data that can be encrypted before rekeying is required is limited. These reasons make AES not only the best choice, but the only viable choice for IPsec. The problem is that if future advances in cryptanalysis reveal a weakness in AES, VPN users will be in an unenviable position. With the only other widely supported cipher for IPsec implementations being the much slower 3DES, it is not feasible to re-configure IPsec installations away from AES. [standby-cipher] describes this issue and the need for a standby cipher in greater detail. Yoav
- [IPsec] Stephen Farrell's Yes on draft-ietf-ipsec… Stephen Farrell
- Re: [IPsec] Stephen Farrell's Yes on draft-ietf-i… Yoav Nir
- Re: [IPsec] Stephen Farrell's Yes on draft-ietf-i… Stephen Farrell
- Re: [IPsec] Stephen Farrell's Yes on draft-ietf-i… Paul Wouters
- Re: [IPsec] Stephen Farrell's Yes on draft-ietf-i… Stephen Farrell
- Re: [IPsec] Stephen Farrell's Yes on draft-ietf-i… Yoav Nir
- Re: [IPsec] Stephen Farrell's Yes on draft-ietf-i… Stephen Farrell