Re: [TLS] Alexey Melnikov's Yes on draft-ietf-tls-chacha20-poly1305-04: (with COMMENT)

Jeffrey Walton <noloader@gmail.com> Thu, 05 May 2016 16:39 UTC

MIME-Version: 1.0
In-Reply-To: <572B5D61.3020600@cs.tcd.ie>
References: <572B553B.8050805@cs.tcd.ie> <BN1PR09MB12485CDEFB38C52C21FD223F37C0@BN1PR09MB124.namprd09.prod.outlook.com> <1462459509.3180577.599095937.04C39339@webmail.messagingengine.com> <572B5D61.3020600@cs.tcd.ie>
Date: Thu, 05 May 2016 12:39:39 -0400
Message-ID: <CAH8yC8kv_0DrsNG7iucfCVtg2aweEb3ibFSHzHn-8Jh87iCxQg@mail.gmail.com>
From: Jeffrey Walton <noloader@gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/UT0ADtJZtKXUDUjenZ6XssA1Gac>
Cc: "tls@ietf.org" <tls@ietf.org>, Alexey Melnikov <aamelnikov@fastmail.fm>, draft-ietf-tls-chacha20-poly1305@ietf.org, tls-chairs@ietf.org, The IESG <iesg@ietf.org>
Subject: Re: [TLS] Alexey Melnikov's Yes on draft-ietf-tls-chacha20-poly1305-04: (with COMMENT)
Reply-To: noloader@gmail.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>

On Thu, May 5, 2016 at 10:49 AM, Stephen Farrell
<stephen.farrell@cs.tcd.ie> wrote:
>
> Thanks all. I updated the RFC editor note to add the FIPS
> reference.
>

You might also consider mentioning the interop problems that are going
to occur when diverging from Bernstein's reference implementation. It's
already creating open questions on other mailing lists. For example,
linux-crypto and
https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1137554.html:

    > +     chacha20_block(&crng->state[0], out);
    > +     if (crng->state[12] == 0)
    > +             crng->state[13]++;
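Review bot: the carry `if (crng->state[12] == 0) crng->state[13]++;` is only correct if chacha20_block() has already incremented state[12] (no increment of word 12 appears in the hunk) and words 12 and 13 together form one 64-bit block counter, i.e. Bernstein's layout; under the RFC 7539 layout this TLS draft uses, word 13 is the first nonce word, so the same two lines step the nonce, which is exactly what the question below is asking. A one-line comment on the carry stating which layout the CRNG state uses, and where state[12] is incremented, would settle it; if a 32-bit counter is intended, the carry has to go and the caller then owns the 2^32-block limit per key.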

    state[12]++? Or why do you increment the nonce?

Jeff