Re: [TLS] comparison of draft-josefsson-salsa20-tls-02 and draft-agl-tls-chacha20poly1305-02
Adam Langley <agl@google.com> Wed, 23 October 2013 14:59 UTC
From: Adam Langley <agl@google.com>
Date: Wed, 23 Oct 2013 10:58:48 -0400
Message-ID: <CAL9PXLzCTcaAHF5N_YiBaz+kP5ez6KaPkhOLfCPsSJ9jfCxehQ@mail.gmail.com>
To: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Cc: "tls@ietf.org" <tls@ietf.org>, Joachim Strömbergson <joachim@secworks.se>
Subject: Re: [TLS] comparison of draft-josefsson-salsa20-tls-02 and draft-agl-tls-chacha20poly1305-02

On Wed, Oct 23, 2013 at 10:51 AM, Nikos Mavrogiannopoulos <nmav@gnutls.org> wrote:
> As far as I understand you use chacha to generate the keystream for
> poly1305. Thus you carry state between records (chacha is a stream
> cipher). I don't know if I have missed anything there, but I don't see
> resetting chacha with a new IV per MAC calculation.

There is no state carried between records:

"ChaCha20 is run with the given key and nonce and with the two counter
words set to zero. The first 32 bytes of the 64 byte output are saved
to become the one-time key for Poly1305." (The nonce is the sequence
number of the record.)

(http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-00#section-5)

Cheers

AGL
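
The derivation quoted in the message above, as an added example that is not part of the original message or of the draft: it computes the per-record Poly1305 key as a pure function of the key and the record's sequence number, so records can be processed in any order. The function names are hypothetical, and two details are assumptions: the ChaCha20 state layout with a 64-bit counter followed by a 64-bit nonce, and the sequence number encoded as 8 big-endian bytes.

```python
import struct

MASK = 0xffffffff

def _rotl(v, n):
    return ((v << n) & MASK) | (v >> (32 - n))

def _quarter_round(s, a, b, c, d):
    s[a] = (s[a] + s[b]) & MASK; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK; s[b] = _rotl(s[b] ^ s[c], 7)

def chacha20_block(key, nonce, counter=0):
    """One 64-byte ChaCha20 block (assumed layout: 64-bit counter, 64-bit nonce)."""
    if len(key) != 32 or len(nonce) != 8:
        raise ValueError("need a 32-byte key and an 8-byte nonce")
    init = list(struct.unpack("<4I", b"expand 32-byte k"))
    init += struct.unpack("<8I", key)
    init += [counter & MASK, (counter >> 32) & MASK]  # the two counter words
    init += struct.unpack("<2I", nonce)
    s = list(init)
    for _ in range(10):  # 10 double rounds = 20 rounds
        _quarter_round(s, 0, 4, 8, 12); _quarter_round(s, 1, 5, 9, 13)
        _quarter_round(s, 2, 6, 10, 14); _quarter_round(s, 3, 7, 11, 15)
        _quarter_round(s, 0, 5, 10, 15); _quarter_round(s, 1, 6, 11, 12)
        _quarter_round(s, 2, 7, 8, 13); _quarter_round(s, 3, 4, 9, 14)
    return struct.pack("<16I", *((x + y) & MASK for x, y in zip(s, init)))

def poly1305_key_for_record(key, seq_num):
    """One-time Poly1305 key for a record: first 32 bytes of block 0.

    Nothing is kept from earlier records; the inputs are only the
    connection key and this record's sequence number.
    """
    nonce = struct.pack(">Q", seq_num)  # assumption: 8-byte big-endian encoding
    return chacha20_block(key, nonce, counter=0)[:32]

if __name__ == "__main__":
    key = bytes(range(32))  # constructed sample key, not from the page
    # Deriving keys out of order gives the same result as in order.
    for seq in (7, 0, 3, 7):
        print(seq, poly1305_key_for_record(key, seq).hex())
```
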