[TLS] ChaCha and IVs

Stephen Kent <kent@bbn.com> Tue, 04 March 2014 16:53 UTC

Message-ID: <53160513.20703@bbn.com>
Date: Tue, 04 Mar 2014 11:53:39 -0500
From: Stephen Kent <kent@bbn.com>
To: tls@ietf.org, Steve Kent <kent@bbn.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/aoA4Cd_YzocYFO6iHM_u3Y1dLhU
Subject: [TLS] ChaCha and IVs

For those who did not attend or remotely participate in the TLS WG meeting
on 3/4/14, EKR suggested that I draw your attention to the slides I 
presented.

The focus of my presentation was a suggestion that ChaCha, when it's used as a
cipher suite for DTLS, use an explicit IV for the per-packet unique value,
not re-use the DTLS record number (to save space).

I reviewed several reasons for this, based on discussions that took place in
the IPsec WG several years ago, when we considered the same topic for AES
counter mode use with ESP. We decided to require each packet to carry an IV
independent of the ESP sequence number (or extended sequence number). Slide 5
of my presentation enumerates reasons for not re-using a packet/record
sequence number for an IV. I also noted (Slide 3) that the proposal to use
ChaCha with ESP follows the approach we have adopted for other algorithms,
and thus it is preferable that DTLS use the same approach, to enable common
hardware and software implementations to support both protocols.

Steve
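
As an added example (not part of Steve Kent's message, his slides, or any DTLS or ESP specification), the Python below shows the two ways of obtaining the per-record unique value the message contrasts: an explicit 8-byte IV carried in the record, or the DTLS record number (epoch || 48-bit sequence number) that is already on the wire. It also shows what the uniqueness requirement protects: encrypting two records under the same key and nonce with a stream cipher such as ChaCha20 leaks the XOR of the two plaintexts to anyone who can read the ciphertexts. The ChaCha20 block function follows RFC 8439 (96-bit nonce, 32-bit block counter) and is checked against that RFC's test vectors; the placement of the 8-byte value inside the 12-byte nonce, the record layout, and the omission of the Poly1305 tag are simplifications assumed here for illustration, not the layout of any actual cipher suite.

```python
import struct

MASK32 = 0xFFFFFFFF
RFC8439_KEY = bytes(range(32))  # the 00..1f key used by the RFC 8439 test vectors


def _rotl(v, n):
    return ((v << n) & MASK32) | (v >> (32 - n))


def _quarter_round(s, a, b, c, d):
    # ChaCha quarter round on four words of the working state (RFC 8439 2.1)
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl(s[b] ^ s[c], 7)


def chacha20_block(key, counter, nonce):
    """ChaCha20 block function (RFC 8439 2.3): 64 bytes of keystream for one counter."""
    assert len(key) == 32 and len(nonce) == 12
    state = [0x61707865, 0x3320646E, 0x79622D32, 0x6B206574]
    state += list(struct.unpack("<8L", key))
    state.append(counter & MASK32)
    state += list(struct.unpack("<3L", nonce))
    w = state[:]
    for _ in range(10):  # 20 rounds = 10 double rounds (column round, then diagonal round)
        _quarter_round(w, 0, 4, 8, 12); _quarter_round(w, 1, 5, 9, 13)
        _quarter_round(w, 2, 6, 10, 14); _quarter_round(w, 3, 7, 11, 15)
        _quarter_round(w, 0, 5, 10, 15); _quarter_round(w, 1, 6, 11, 12)
        _quarter_round(w, 2, 7, 8, 13); _quarter_round(w, 3, 4, 9, 14)
    return struct.pack("<16L", *[(x + y) & MASK32 for x, y in zip(w, state)])


def chacha20_xor(key, nonce, data, counter=1):
    """Encrypt or decrypt data by XOR with the ChaCha20 keystream (confidentiality only, no tag)."""
    out = bytearray()
    for off in range(0, len(data), 64):
        ks = chacha20_block(key, counter + off // 64, nonce)
        out += bytes(a ^ b for a, b in zip(data[off:off + 64], ks))
    return bytes(out)


def nonce_from_explicit_iv(iv8):
    """Scheme argued for in the message: the record carries its own 8-byte IV.
    Assumption for illustration: the IV fills the low 8 bytes of the 96-bit nonce."""
    assert len(iv8) == 8
    return b"\x00\x00\x00\x00" + iv8


def nonce_from_record_number(epoch, seq):
    """Alternative scheme: reuse the DTLS record number (16-bit epoch || 48-bit sequence
    number), which is already on the wire, so no extra bytes are sent."""
    return b"\x00\x00\x00\x00" + struct.pack(">H", epoch) + seq.to_bytes(6, "big")


def encrypt_record(key, plaintext, *, epoch, seq, explicit_iv=None):
    """Return (nonce, bytes on the wire). With explicit_iv the record body is IV || ciphertext;
    without it the body is ciphertext only and the nonce is derived from (epoch, seq)."""
    if explicit_iv is not None:
        nonce = nonce_from_explicit_iv(explicit_iv)
        return nonce, explicit_iv + chacha20_xor(key, nonce, plaintext)
    nonce = nonce_from_record_number(epoch, seq)
    return nonce, chacha20_xor(key, nonce, plaintext)


def nonce_reuse_leak(key, nonce, m1, m2):
    """What an eavesdropper computes if two records share (key, nonce): c1 XOR c2.
    Because both records used the same keystream, this equals m1 XOR m2 and the key
    plays no part. Whichever scheme supplies the nonce, uniqueness is what prevents this."""
    c1 = chacha20_xor(key, nonce, m1)
    c2 = chacha20_xor(key, nonce, m2)
    return bytes(a ^ b for a, b in zip(c1, c2))


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


if __name__ == "__main__":
    # Constructed sample records; the key is the RFC 8439 test key, not a real session key.
    m1 = b"GET /index.html HTTP/1.1"
    m2 = b"POST /login HTTP/1.1 pwd"
    _, explicit = encrypt_record(RFC8439_KEY, m1, epoch=1, seq=7, explicit_iv=b"\x00" * 7 + b"\x07")
    _, implicit = encrypt_record(RFC8439_KEY, m1, epoch=1, seq=7)
    print("explicit-IV record is", len(explicit) - len(implicit), "bytes longer")
    leak = nonce_reuse_leak(RFC8439_KEY, nonce_from_record_number(1, 7), m1, m2)
    print("nonce reuse leaks m1 XOR m2:", leak == xor_bytes(m1, m2))
```

The two nonce constructions produce records that differ only in the 8 extra bytes the explicit IV costs, which is the space saving the message refers to. `nonce_reuse_leak` is deliberately scheme-agnostic: it is the consequence of any failure to keep the per-record value unique under a key, which is why the choice of where that value comes from is a design decision rather than a formatting detail.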