Re: [TLS] ChaCha20 + Poly1305 in TLS

Adam Langley <agl@google.com> Wed, 11 September 2013 15:29 UTC

Return-Path: <agl@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2DF221E8128 for <tls@ietfa.amsl.com>; Wed, 11 Sep 2013 08:29:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.676
X-Spam-Level:
X-Spam-Status: No, score=-1.676 tagged_above=-999 required=5 tests=[AWL=0.302, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rrY0IZCkSW-6 for <tls@ietfa.amsl.com>; Wed, 11 Sep 2013 08:29:19 -0700 (PDT)
Received: from mail-ob0-x22a.google.com (mail-ob0-x22a.google.com [IPv6:2607:f8b0:4003:c01::22a]) by ietfa.amsl.com (Postfix) with ESMTP id 88E2C21F9E95 for <tls@ietf.org>; Wed, 11 Sep 2013 08:29:12 -0700 (PDT)
Received: by mail-ob0-f170.google.com with SMTP id eh20so8677600obb.15 for <tls@ietf.org>; Wed, 11 Sep 2013 08:29:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding; bh=jGV3Kw6Piuar8S8zDfHkB3MkeRD0wcH2KRU0pbP8Rr4=; b=YvphkGWfEJWqSBdwrE+ZlgmKaJBauB4pQjGMoKo04GoPOs4eZ2AJcj9ezngOZBQxME 9cyGl+7Ln+HmW6xEkjvljLLg4SW8I3yxjxsdq9KDZedwCjSUYAWkVQwX8ifvSuoSkmWf MF0VKvjd4RdzfDE03F1aKMKAGJ/Xsyn2PUpIKs/GoRyLUIowwd2sTJnEo95Bbmfi7Uwp DoAEfBLm600iIGlQrcFS8teeC5SnjrzAcsraid4TRITLnSkVBJByncFmh9f4MQMQqs0V KLBrcN0vFpiDzL2jxmgBubAIp4DRGG1s+TgAW5bthwPeB2gf/yNBW0F6SXFkFhvP19Hs XrTg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type:content-transfer-encoding; bh=jGV3Kw6Piuar8S8zDfHkB3MkeRD0wcH2KRU0pbP8Rr4=; b=jAI0bqCSm9cmerST740QZ2Pk0i1S7oot+mYTWXLbXTZMilvVV/4njUYuZOSkXj5E23 lt2xv7kJdjPFHLhgu9BcZe1n57pcCKb8+P61hoiUz/PQlhlmlt9jRq8I4vBty3thK1zu VkJJdAnKaQBbcWlz9dHH46rKN4g7l1nv8M+PKSwFP+pGYEwW9URdgo8vLBFmrX1C6z4F vjlBpTLfKpLty08onvz+Yth29sEbeOGSh5gf7GRkYCm/5mad8QJM+XqAHkme7ZsWp+2z qwrH/WbDcNOi0/eW+dSPNRKV72I1wK501kNvmWWYAV7JGPB9S/EdBe7PUhscNiuDxzn1 XQOg==
X-Gm-Message-State: ALoCoQnNy+iHWPUM++k5NgtDQitwtj03Zq6Acjd/8aVodTCM8Y4sU697M7bBvmzQ6DlbHdMM9idAkIrSnkvD5lU7oespO+yQxHTcD6NW/HVtjRPt/BoDMAP+q8NOqGw60sYT/MRsQ8hog5V+XVK2VrrKuhx4KmLVU/UBhftaRMs+JBcumHkv5YizXKn4ihElUpnCZgrm4Fca
X-Received: by 10.182.81.41 with SMTP id w9mr2031544obx.18.1378913349685; Wed, 11 Sep 2013 08:29:09 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.182.79.105 with HTTP; Wed, 11 Sep 2013 08:28:49 -0700 (PDT)
In-Reply-To: <D4F4C80B-8CB3-4F15-9803-277698FDCF0E@checkpoint.com>
References: <CAL9PXLyLre-fySOY2H4oLAwSxiBmG+mnrJe9YiD9+OHmPVG-oA@mail.gmail.com> <52306269.7020200@drh-consultancy.co.uk> <CAL9PXLxm=WezLdg2EMuh--aW+cR5CJzCFeYgySQGqhQPOn3ntA@mail.gmail.com> <D4F4C80B-8CB3-4F15-9803-277698FDCF0E@checkpoint.com>
From: Adam Langley <agl@google.com>
Date: Wed, 11 Sep 2013 11:28:49 -0400
Message-ID: <CAL9PXLwWkVF7efgf07JmMNMi4gXUrcYmbQXVNKr52UwqirQsxA@mail.gmail.com>
To: Yoav Nir <ynir@checkpoint.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] ChaCha20 + Poly1305 in TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Sep 2013 15:29:21 -0000

On Wed, Sep 11, 2013 at 11:26 AM, Yoav Nir <ynir@checkpoint.com>; wrote:
> Considering the performance difference, I though ECDHE-RSA would be in order. We have to have the RSA because that's what we have in the certificates, but might as well not add the extra work that is DHE. That's the reason why Google servers prefer ECDHE-RSA ciphersuites, no?

An ECDHE-RSA variant was included in -00 for this reason. Although I'd
*like* to only deal with ECDHE-ECDSA, we're not there yet for the
reasons that you identify.


Cheers

AGL