Re: [TLS] WG adoption + early code point assignment: draft-mavrogiannopoulos-chacha-tls

Eric Rescorla <ekr@rtfm.com> Wed, 20 May 2015 15:30 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F17E1A888F for <tls@ietfa.amsl.com>; Wed, 20 May 2015 08:30:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R6-d-DuFpESt for <tls@ietfa.amsl.com>; Wed, 20 May 2015 08:30:38 -0700 (PDT)
Received: from mail-wg0-f51.google.com (mail-wg0-f51.google.com [74.125.82.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 204D81A87BF for <tls@ietf.org>; Wed, 20 May 2015 08:30:37 -0700 (PDT)
Received: by wghq2 with SMTP id q2so56928217wgh.1 for <tls@ietf.org>; Wed, 20 May 2015 08:30:36 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=zWSU/Jc+echgiKinhX/N4k+v9EFT8RvmYaOMgSY30ac=; b=UKQbHddvhOQbySeGHoGcCY6dweyC2/72mFdSVQcV1MTdjxUrPAd6ij4NkpqPfRKyey FUzZw0Wezy1VQfgirIYHOnc7JiAUuyl29c4xQB9FhUhRR8Rm2AIm+CYijJyO+TzhF6Gn 8V9wn8XAL3YUzu6b0XaSTX/3tDixmVdBTu4IwQTr8+YNz0UR8Afae0VU3BG+syU+vz0/ JV88YAe4SHRbpRoRfYmX+2dy1Om98DeJjYb7NfKt9BmhI91a7INY6kwbYj2l1oKjJdvU lO86vh272Wjw6cFPBvV6bCFmo0VRrGzsaY3+7KuPZiZsSnDQYu3yn7pl4jwuJwK+mt3d MFMg==
X-Gm-Message-State: ALoCoQnqt6tIFYKKl2EXYOr8jvcGK2aTt1qcw2plhuzSlOq2oIx/Uu0A9BUeufxTPxkAiiMqer3C
X-Received: by 10.194.133.73 with SMTP id pa9mr45069330wjb.148.1432135836758; Wed, 20 May 2015 08:30:36 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.27.205.87 with HTTP; Wed, 20 May 2015 08:29:56 -0700 (PDT)
In-Reply-To: <CAMfhd9XvrhX3MgjMOQ+P=c8oydWT6F6AwUfFerbSWLgra2tbdw@mail.gmail.com>
References: <FD8B7C3F-C3DD-4367-B84D-26B9907F1B9D@ieca.com> <CABcZeBOqnyXS5kp=ZiN2PpKYt_dOg1+L4_S__h-+YP=n6sHk3A@mail.gmail.com> <1269593170.1072986.1432104184832.JavaMail.zimbra@redhat.com> <CABcZeBNQQKgBzzoia0TWzbG8PycoOLT+ejOM7dwNNfgNoCqRtA@mail.gmail.com> <86AF5010-12A3-410A-AE23-9A0643D536EE@gmail.com> <CAMfhd9XvrhX3MgjMOQ+P=c8oydWT6F6AwUfFerbSWLgra2tbdw@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 20 May 2015 08:29:56 -0700
Message-ID: <CABcZeBMB9ieZ2n4maCkJXAWKEto81XDEfFDnjY=X1G3fKNwjcw@mail.gmail.com>
To: Adam Langley <agl@imperialviolet.org>
Content-Type: multipart/alternative; boundary=089e011771a9d2051f0516851bd9
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/UEc58wBH1GDphgGlLe6e2brlMdc>
Cc: IETF TLS Working Group <tls@ietf.org>
Subject: Re: [TLS] WG adoption + early code point assignment: draft-mavrogiannopoulos-chacha-tls
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 May 2015 15:30:40 -0000

On Wed, May 20, 2015 at 8:15 AM, Adam Langley <agl@imperialviolet.org>;
wrote:

> On Wed, May 20, 2015 at 8:13 AM, Yoav Nir <ynir.ietf@gmail.com>; wrote:
> > Yes, there’s that. I think that we should leave the record IV (which this
> > draft makes equal to the RSN, while RFC 5288 allows to be chosen in any
> way)
> > in the record for TLS 1.2.
> > In 1.3 we’re anyway planning to do it differently and omit the IV, so we
> > should do it there for both algorithms
> > It’s a waste of 8 bytes, but that will give us one more reason to
> implement
> > 1.3, no?
>
> Nope, not going waste 8 bytes per record for no reason. The world has
> wasted enough network bandwidth on that in AES-GCM already.
>

What would you think of just adopting the 1.3 approach then?

I don't have a strong opinion on this, but it seems a pity to have three
separate mechanisms.

-Ekr