Re: [TLS] adopting ChaCha20 as a WG item was: I-D Action: draft-ietf-tls-prohibiting-rc4-01.txt

Yoav Nir <ynir.ietf@gmail.com> Thu, 02 October 2014 21:22 UTC

To: Nikos Mavrogiannopoulos <nmav@redhat.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/IorKWAStNTbuf74t1hEVzL3AkVY
Cc: "tls@ietf.org" <tls@ietf.org>

On Oct 2, 2014, at 4:19 PM, Nikos Mavrogiannopoulos <nmav@redhat.com> wrote:

> On Thu, 2014-10-02 at 15:58 +0300, Yoav Nir wrote:
>> Hi, Nikos
>> 
>> I think yes, especially considering that CFRG has just started RGLC on
>> the document.
>> 
>> I think it’s debatable whether we need so many ciphersuites.
>> Considering that TLS 1.3 will be PFS-only and AEAD-only, I’m not sure
>> we need the ciphersuites in section 4.1, and the RSA (without DHE)
>> ciphersuites. The feedback I got in IPsecME was that we didn’t need
>> anything but the AEAD. But that kind of thing can be debated in the
>> working group.
> 
> Hello Yoav,
> I agree. The non-AEAD ciphersuites are in order to be implementable to
> pre-TLS 1.2. Whether they are applicable to TLS 1.3 or not, is outside
> the scope of this document.
> 

Hi Nikos

A pre-1.2 implementation of ChaCha20 assumes that there are libraries out there that on the one hand don’t have TLS 1.2, and on the other hand are still actively developed enough that they will implement a new algorithm.

I don’t think that’s the case. If ChaCha20-Poly1305 is going to be implemented in OpenSSL, it’s going to be in 1.0.1 or 1.0.2. I don’t think anyone’s going to add it to 0.9.8, where every recent patch has been a security hotfix.

Similarly, every library I know of that is being maintained already has TLS 1.2.  I don’t feel strongly about it, but I don’t see the use of having new non-AEAD ciphers at this point.

Yoav