Re: [TLS] I-D Action: draft-ietf-tls-chacha20-poly1305-00.txt

Viktor Dukhovni <ietf-dane@dukhovni.org> Sun, 14 June 2015 13:46 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 43E231B2EE9 for <tls@ietfa.amsl.com>; Sun, 14 Jun 2015 06:46:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PyyZz765W19U for <tls@ietfa.amsl.com>; Sun, 14 Jun 2015 06:46:43 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EBFD11B2EE4 for <tls@ietf.org>; Sun, 14 Jun 2015 06:46:42 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 914A6284AD9; Sun, 14 Jun 2015 13:46:39 +0000 (UTC)
Date: Sun, 14 Jun 2015 13:46:39 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <20150614134639.GN2050@mournblade.imrryr.org>
References: <20150611170317.13732.72719.idtracker@ietfa.amsl.com> <201506122355.45772.davemgarrett@gmail.com> <87r3petrfq.fsf@latte.josefsson.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <87r3petrfq.fsf@latte.josefsson.org>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/dd69Vg4o2oUq29VVJftNbUeL2Q0>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-chacha20-poly1305-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tls@ietf.org
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 14 Jun 2015 13:46:44 -0000

On Sun, Jun 14, 2015 at 02:17:29PM +0200, Simon Josefsson wrote:

> > After discussion earlier involving ECDHE_anon cipher suites, it
> > occurred to me that it could be useful to define one for ChaChaPoly in
> > this draft.
> >
> > Is it viable to add a cipher suite name and codepoint for this?
> 
> What is the use-case?

0.   Authentication other than via certificate-based PKI.  Establish
     anon TLS, and channel-bind the TLS-unique via GSSAPI or some
     other authentication method.

1.  Unauthenticated opportunistic TLS.

    * Server performs no unnecessary signature operations,
      since the client can't verify the signature anyway.
      (More precisely the client can't verify the authenticity
      of the server keys, so it can only determine that somebody
      signed the handshake, but no idea whether it is the intended
      server).

    * Servers can tell which clients are not verifying their
      identity, (definitely the ones the offer or negotiate "anon"
      ciphersuites).  This is useful information.

-- 
	Viktor.