Re: [TLS] chacha/poly state?

Watson Ladd <watsonbladd@gmail.com> Mon, 28 April 2014 15:05 UTC

In-Reply-To: <EF841B12-F76E-4D65-AF9C-EF9311C4789A@gmail.com>
References: <2A0EFB9C05D0164E98F19BB0AF3708C7120C35E915@USMBX1.msg.corp.akamai.com> <1398669797.2453.6.camel@dhcp-2-127.brq.redhat.com> <EF841B12-F76E-4D65-AF9C-EF9311C4789A@gmail.com>
Date: Mon, 28 Apr 2014 08:04:57 -0700
Message-ID: <CACsn0cn+NoHJs62zXt+Yh8pkVs4wO=BPmgAfwjMPP2EAstmWUA@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Yoav Nir <ynir.ietf@gmail.com>, "tls@ietf.org" <tls@ietf.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/KxyHNHUygRMrAg5EgqDw7zEdRDo
Subject: Re: [TLS] chacha/poly state?

On Apr 28, 2014 2:01 AM, "Yoav Nir" <ynir.ietf@gmail.com> wrote:
>
>
> On Apr 28, 2014, at 10:23 AM, Nikos Mavrogiannopoulos <nmav@redhat.com> wrote:
>
> > On Fri, 2014-04-25 at 09:27 -0400, Salz, Rich wrote:
> >> What’s the current state of the Cha-Cha/Poly document?  Do things need
> >> changing, identifiers assigned, or what?
> >
> > We have submitted our proposal [0] based on the new chacha construction.
> > It is up to the chairs to ask for WG adoption.
> >
> > [0]. http://tools.ietf.org/html/draft-mavrogiannopoulos-chacha-tls-02
>
> The chacha in TLS draft depends on draft-nir-cfrg-chacha20-poly1305.
>
> That still has to go through three “stages”:
>
>  1. I need to add a bunch of test vectors and an explanation of decryption. Shouldn’t be too difficult with a counter/streamish cipher such as ChaCha
>
>  2. We need to get a review of it. The changes to ChaCha are minor and do not affect security (IMO), but that’s just me. If we can get DJB to review it and say it’s OK - so much the better

So the changes were relabeling some words as counter and others as
nonce, in a different way from ChaCha? I think if you can tell that
from a PRF, you can tell the original ChaCha from a PRF, because we
have an injection into the original input state.

Sincerely,
Watson Ladd
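Watson's "injection into the original input state" argument, worked through in code. This is an added example, not part of the thread and not code from either draft. It assumes the layout that draft-nir-cfrg-chacha20-poly1305 adopted and that later became RFC 7539: a 32-bit block counter in state word 12 and a 96-bit nonce in words 13-15, whereas Bernstein's original ChaCha puts a 64-bit counter in words 12-13 and a 64-bit nonce in words 14-15. Because both variants feed the same 16-word state into the same block function, every (counter, nonce) pair of the IETF variant maps to a (counter, nonce) pair of the original that produces the identical state, so a distinguisher against the IETF variant is also a distinguisher against original ChaCha. The function names and the sample key and nonce are constructed for this example; the block-function check at the end uses the test vector from RFC 7539 section 2.3.2.

```python
import struct

MASK32 = 0xFFFFFFFF
SIGMA = b"expand 32-byte k"  # standard ChaCha constant, state words 0-3


def rotl32(v, n):
    return ((v << n) & MASK32) | (v >> (32 - n))


def quarter_round(s, a, b, c, d):
    s[a] = (s[a] + s[b]) & MASK32; s[d] = rotl32(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = rotl32(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK32; s[d] = rotl32(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = rotl32(s[b] ^ s[c], 7)


def chacha20_block(state):
    """ChaCha20 block function: 10 double rounds over the 16-word state, then add the input.

    This is shared by both variants; only how words 12-15 are filled differs."""
    w = list(state)
    for _ in range(10):
        quarter_round(w, 0, 4, 8, 12)    # column rounds
        quarter_round(w, 1, 5, 9, 13)
        quarter_round(w, 2, 6, 10, 14)
        quarter_round(w, 3, 7, 11, 15)
        quarter_round(w, 0, 5, 10, 15)   # diagonal rounds
        quarter_round(w, 1, 6, 11, 12)
        quarter_round(w, 2, 7, 8, 13)
        quarter_round(w, 3, 4, 9, 14)
    return [(w[i] + state[i]) & MASK32 for i in range(16)]


def original_state(key, counter64, nonce64):
    """Original ChaCha: 64-bit LE counter in words 12-13, 64-bit nonce in words 14-15."""
    return (list(struct.unpack("<4I", SIGMA)) + list(struct.unpack("<8I", key))
            + list(struct.unpack("<2I", counter64)) + list(struct.unpack("<2I", nonce64)))


def ietf_state(key, counter32, nonce96):
    """draft-nir / RFC 7539 layout: 32-bit counter in word 12, 96-bit nonce in words 13-15."""
    return (list(struct.unpack("<4I", SIGMA)) + list(struct.unpack("<8I", key))
            + [counter32 & MASK32] + list(struct.unpack("<3I", nonce96)))


def inject(counter32, nonce96):
    """The injection: IETF (counter, nonce) -> original (counter64, nonce64).

    Word 12 of the IETF state is the counter and word 13 is the first nonce word; together
    they occupy exactly the slot of the original 64-bit counter, and the remaining two nonce
    words occupy the original 64-bit nonce slot. Distinct inputs map to distinct outputs."""
    counter64 = struct.pack("<I", counter32) + nonce96[:4]
    nonce64 = nonce96[4:]
    return counter64, nonce64


def keystream_equivalent(key, counter32, nonce96):
    """True when the IETF block equals the original-ChaCha block under the injected inputs."""
    ietf = chacha20_block(ietf_state(key, counter32, nonce96))
    orig = chacha20_block(original_state(key, *inject(counter32, nonce96)))
    return ietf == orig


def rfc7539_block_vector():
    """Block-function sanity check with the RFC 7539 section 2.3.2 inputs; returns output words."""
    key = bytes(range(32))
    nonce = bytes.fromhex("000000090000004a00000000")
    return chacha20_block(ietf_state(key, 1, nonce))


if __name__ == "__main__":
    # Constructed sample key and nonce (not from the thread or either draft).
    key = bytes.fromhex("0f" * 32)
    nonce = bytes.fromhex("000102030405060708090a0b")
    for counter in (0, 1, 0xFFFFFFFF):
        print(counter, "IETF block == original ChaCha block:",
              keystream_equivalent(key, counter, nonce))
    print("RFC 7539 block word 0: %08x" % rfc7539_block_vector()[0])
```

The equivalence holds for every counter value, including the 32-bit wrap, because the mapping only relabels which state words are called "counter" and which "nonce"; the block function never looks at the labels. That is the whole of Watson's point: the IETF variant's input space is a subset of the original's, reached through an injective relabeling, so no new security argument is needed for the block function itself.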