[secdir] secdir review of draft-ietf-tls-chacha20-poly1305

"Dan Harkins" <dharkins@lounge.org> Mon, 04 April 2016 15:14 UTC

Return-Path: <dharkins@lounge.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id ACAEC12D702; Mon, 4 Apr 2016 08:14:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id wNL-ewRSGTNf; Mon, 4 Apr 2016 08:14:46 -0700 (PDT)
Received: from colo.trepanning.net (colo.trepanning.net []) by ietfa.amsl.com (Postfix) with ESMTP id 5890012D58F; Mon, 4 Apr 2016 08:14:46 -0700 (PDT)
Received: from www.trepanning.net (localhost []) by colo.trepanning.net (Postfix) with ESMTP id 2DC2F1022404C; Mon, 4 Apr 2016 08:14:46 -0700 (PDT)
Received: from (SquirrelMail authenticated user dharkins@lounge.org) by www.trepanning.net with HTTP; Mon, 4 Apr 2016 08:14:46 -0700 (PDT)
Message-ID: <10417009fba695628b364f7d191f1672.squirrel@www.trepanning.net>
Date: Mon, 04 Apr 2016 08:14:46 -0700
From: Dan Harkins <dharkins@lounge.org>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-tls-chacha20-poly1305.all@tools.ietf.org
User-Agent: SquirrelMail/1.4.14 [SVN]
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/vzQRIJfPkvc8l3rNtEMV1fBP0_c>
Subject: [secdir] secdir review of draft-ietf-tls-chacha20-poly1305
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Apr 2016 15:14:47 -0000


  I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

  The draft defines how to use the chacha20+poly1305 AEAD mode
in TLS. chacha is a cipher mode "designed by D.J. Bernstein" and
poly1305 is an authenticator "designed by D.J. Bernstein" (as the
draft sees necessary to mention) and the two have been combined
into an AEAD mode as defined in RFC 7539. This draft just says
to use the method of AEAD incorporation that the TLS specification
(RFC 5246) defines to put this AEAD mode into (D)TLS. It asks for
7 new TLS cipher suites.

  It's very concise and I consider it "Ready". That said, I'd add
a personal nit (which doesn't rise to the level of "Ready with nits")
that it's probably not necessary to have both a TLS_PSK_WITH and a
PSK_ECDHE_PSK_WITH cipher suite and would prefer doing away with
the former.