Re: [TLS] open issues for draft-ietf-tls-chacha20-poly1305-00

Martin Thomson <martin.thomson@gmail.com> Tue, 04 August 2015 16:15 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B0811A1B5C for <tls@ietfa.amsl.com>; Tue, 4 Aug 2015 09:15:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zPkkgztgyxmI for <tls@ietfa.amsl.com>; Tue, 4 Aug 2015 09:15:36 -0700 (PDT)
Received: from mail-lb0-x22a.google.com (mail-lb0-x22a.google.com [IPv6:2a00:1450:4010:c04::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A61DB1A870B for <tls@ietf.org>; Tue, 4 Aug 2015 09:15:30 -0700 (PDT)
Received: by lbbud7 with SMTP id ud7so9046778lbb.3 for <tls@ietf.org>; Tue, 04 Aug 2015 09:15:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=P61GB5OcQME17ykCS7gu5mWo/jJKxUv7cm3QgE6lp6Q=; b=kRHR5m0NGmrqRKh7/qvyyKBnqfCV4eSHVjr9toaxntrZ8ZgpMTuNyWA1ZnBDr8OKzp WwzPyIX3mtebqxMybSJRrXnksXOyocgj42jso+4qOuj2fK7PB5jajbwEnQURlJX+1yNI yCYQ3Owo2DBqPDpONfcyaRfoWhqFzX97kpcDq2IN15Il0GGRBBmBQm7SvtmzlwEddM53 L9/rc0D6a+z8CBNz/HlLyiTV93kIGtMavw7HdR1N0ppM+vhCQbso+WG2k6doUOMCLzGc Hd7EGZjv6bUDZzgQaRrS9uXViYNHjHESA/9Miqf26RpOc+KTvRqeKey3Q3fS1XZH9pPy zFww==
MIME-Version: 1.0
X-Received: by 10.152.121.4 with SMTP id lg4mr4372012lab.112.1438704929255; Tue, 04 Aug 2015 09:15:29 -0700 (PDT)
Received: by 10.25.197.87 with HTTP; Tue, 4 Aug 2015 09:15:29 -0700 (PDT)
In-Reply-To: <1438691824.10777.9.camel@redhat.com>
References: <1438691824.10777.9.camel@redhat.com>
Date: Tue, 4 Aug 2015 09:15:29 -0700
Message-ID: <CABkgnnVLahWvJ1ONUW7RLTuUVj1nrGVwgxBGsh2A58r1Gjf3aw@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Nikos Mavrogiannopoulos <nmav@redhat.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/r0ofss_yStoReWXtTNiH_k7BVAo>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] open issues for draft-ietf-tls-chacha20-poly1305-00
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Aug 2015 16:15:37 -0000

On 4 August 2015 at 05:37, Nikos Mavrogiannopoulos <nmav@redhat.com> wrote:
> Is there any support for
> switching these ciphersuites to draft-TLS 1.3 nonce mechanism even for
> TLS 1.2? The alternative is to use the TLS 1.2 mechanism with the
> redundant bytes redacted as the draft is now [1].

Personally, I would rather see the nonce construction follow the form
defined in the respective TLS version.  That means including redundant
bytes in TLS 1.2 and only getting the full advantage when we move to
TLS 1.3.