IETF Logo Mail Archive

Re: [TLS] ChaCha20 + Poly1305 in TLS

Yoav Nir <ynir@checkpoint.com> Wed, 11 September 2013 15:28 UTC

Return-Path: <ynir@checkpoint.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF7D611E819C for <tls@ietfa.amsl.com>; Wed, 11 Sep 2013 08:28:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.542
X-Spam-Level:
X-Spam-Status: No, score=-9.542 tagged_above=-999 required=5 tests=[AWL=1.057, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lWO4Y6C4aEzq for <tls@ietfa.amsl.com>; Wed, 11 Sep 2013 08:27:57 -0700 (PDT)
Received: from smtp.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by ietfa.amsl.com (Postfix) with ESMTP id A0BDF21F9DA1 for <tls@ietf.org>; Wed, 11 Sep 2013 08:26:39 -0700 (PDT)
Received: from IL-EX10.ad.checkpoint.com ([194.29.34.147]) by smtp.checkpoint.com (8.13.8/8.13.8) with ESMTP id r8BFQMDL015150; Wed, 11 Sep 2013 18:26:22 +0300
X-CheckPoint: {52308B9D-12-1B221DC2-1FFFF}
Received: from DAG-EX10.ad.checkpoint.com ([169.254.3.173]) by IL-EX10.ad.checkpoint.com ([169.254.2.246]) with mapi id 14.02.0347.000; Wed, 11 Sep 2013 18:26:22 +0300
From: Yoav Nir <ynir@checkpoint.com>
To: Adam Langley <agl@google.com>
Thread-Topic: [TLS] ChaCha20 + Poly1305 in TLS
Thread-Index: AQHOrjmxRJ1QpN2c0UyG/dubgYCJVZnARqyAgAAbXACAABVXgA==
Date: Wed, 11 Sep 2013 15:26:21 +0000
Message-ID: <D4F4C80B-8CB3-4F15-9803-277698FDCF0E@checkpoint.com>
References: <CAL9PXLyLre-fySOY2H4oLAwSxiBmG+mnrJe9YiD9+OHmPVG-oA@mail.gmail.com> <52306269.7020200@drh-consultancy.co.uk> <CAL9PXLxm=WezLdg2EMuh--aW+cR5CJzCFeYgySQGqhQPOn3ntA@mail.gmail.com>
In-Reply-To: <CAL9PXLxm=WezLdg2EMuh--aW+cR5CJzCFeYgySQGqhQPOn3ntA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [172.31.20.1]
x-kse-antivirus-interceptor-info: protection disabled
Content-Type: text/plain; charset="us-ascii"
Content-ID: <277C600B6DB96041B045D75047B5C843@ad.checkpoint.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] ChaCha20 + Poly1305 in TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Sep 2013 15:28:11 -0000

On Sep 11, 2013, at 5:08 PM, Adam Langley <agl@google.com> wrote:

>> Would it make sense to include some DHE ciphersuites as well as the ECDH ones
>> for implementations which (for whatever reason) do not support or disable ECDH?
> 
> I would like to support only ECDHE-ECDSA at this point but RSA has
> significant inertia because of the CA system. On reflection, it does
> seem reasonable that some implementations might not want the weight of
> an ECC implementation given that they have to have
> multiplicative-modexp for RSA anyway. So I've spun version -01 with
> with a DHE_RSA ciphersuite too.

Considering the performance difference, I though ECDHE-RSA would be in order. We have to have the RSA because that's what we have in the certificates, but might as well not add the extra work that is DHE. That's the reason why Google servers prefer ECDHE-RSA ciphersuites, no?

Yoav

v2.23.0 | Report a Bug | By Email