[TLS] Status of Cha-Cha/Poly Cipher Suites?

Jeffrey Walton <noloader@gmail.com> Sat, 16 May 2015 21:24 UTC

Return-Path: <noloader@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 542BA1A8765 for <tls@ietfa.amsl.com>; Sat, 16 May 2015 14:24:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.7
X-Spam-Status: No, score=0.7 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id nZpxBiCSeHxd for <tls@ietfa.amsl.com>; Sat, 16 May 2015 14:24:36 -0700 (PDT)
Received: from mail-ie0-x231.google.com (mail-ie0-x231.google.com [IPv6:2607:f8b0:4001:c03::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B31741A8761 for <tls@ietf.org>; Sat, 16 May 2015 14:24:36 -0700 (PDT)
Received: by iepk2 with SMTP id k2so146333360iep.3 for <tls@ietf.org>; Sat, 16 May 2015 14:24:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:date:message-id:subject:from:to:content-type; bh=YwuLgalugehZHrEzgfZKyAATJGIA7RxraNYokWODO/Y=; b=fDeRPERHdZTiazR+P9CnkYHV5eyEGuTrKGxpKmXOtHkSY7C0AfQRwR+irg29o5twPv yUbRKRG3uE2TR3oyPQYfNrvjieOKK07Xlk82NZ+kzTvH4cMlulDUNtg/TAFjlZRPv7tk XkpHOtxDhz+j3fubF5KNFg3FIBPbCnz97rRI7N54Yu3IDfvcw9+vrOKwPMx++tUQGJxV CxF+Z90cKOsooeRgLFN1L93wHirmD7n2dUrIoUo+WnkR9VSTSBCvWt/jG8Etd9Yhj+ld i4++EldZCBRRZEuOO0ccwEJRUDdwAu/N+YIcUjwEhkgRGyr/GOkhI/nqqfTzP1SoiSee IalQ==
MIME-Version: 1.0
X-Received: by with SMTP id a4mr6102764igx.34.1431811476049; Sat, 16 May 2015 14:24:36 -0700 (PDT)
Received: by with HTTP; Sat, 16 May 2015 14:24:35 -0700 (PDT)
Date: Sat, 16 May 2015 17:24:35 -0400
Message-ID: <CAH8yC8mzthFZP=j8Jc6BG4rqhwTgmQVqyBFrGfeWXr8NnvjOoQ@mail.gmail.com>
From: Jeffrey Walton <noloader@gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: text/plain; charset=UTF-8
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/YZ9E2wUZe4-no7tXhooMvPUqmj8>
Subject: [TLS] Status of Cha-Cha/Poly Cipher Suites?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: noloader@gmail.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 16 May 2015 21:24:38 -0000

What is the status of cipher suite values for the CHA-CHA/Poly Cipher suites?

The Chrome browser is now warning when either AES/GCM or CHA-CHA/Poly
Cipher suites are not used.

Lack of the cipher suite values is holding up OpenSSL's implementation. [1]

If the IETF considers Chrome (26% market share [2]) and Apache/OpenSSL
based servers (52% market share [3]), then it appears, then the cipher
suite values are long overdue.

Assigning the cipher suite values (whether the TLS WG approves of them
or not) appear to be consistent with RFC 3935:

   In attempting to resolve the question of the IETF's scope, perhaps
   the fairest balance is struck by this formulation: "protocols and
   practices for which secure and scalable implementations are expected
   to have wide deployment and interoperation on the Internet, or to
   form part of the infrastructure of the Internet."

The cipher suites already affects millions to billions of users and devices.

[1] https://mta.openssl.org/pipermail/openssl-users/2015-March/000866.html
[2] https://www.netmarketshare.com/browser-market-share.aspx?qprid=0&qpcustomd=0
[3] http://news.netcraft.com/archives/2014/04/02/april-2014-web-server-survey.html