[TLS] Fwd: [Uta] RFC 7525bis (TLS BCP) and ChaCha-Poly

Peter Saint-Andre <stpeter@mozilla.com> Thu, 24 June 2021 15:45 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/xOWxX1zqZpTdjpYURmTuv1P2xz0>

FYI for those not on the UTA WG list. Please discuss there.


-------- Forwarded Message --------
Subject: 	[Uta] RFC 7525bis (TLS BCP) and ChaCha-Poly
Date: 	Thu, 24 Jun 2021 12:34:59 +0300
From: 	Yaron Sheffer <yaronf.ietf@gmail.com>
To: 	uta@ietf.org <uta@ietf.org>



Here’s to remind the working group that we are moving along with the bis
document. We recently added an author, Thomas Fossati. Our activity is
on GitHub [1] and we welcome your inputs. We have been steadily closing
issues and plan to have a “feature complete” version -01 before IETF-111.


And now a question to the list: the authors have been debating whether
we should add TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 as a fifth
recommended cipher suite for TLS 1.2. Reminder: a similar cipher suite
is already recommended for TLS 1.3 implementation in RFC 8446.



  * The cipher suite is widely implemented in libraries.
  * There is already non-negligible usage of ChaCha-Poly (it is not
    clear from the data what percentage is on TLS 1.2).
  * Cipher diversity is clearly a good thing, and currently we only
    recommend AES-GCM cipher suites.



  * Usage is quite low, at most 10% or so, and there are indications
    that people are moving back to AES-GCM on mobile, given new CPU
    support on ARM.
  * No need for cipher diversity in TLS 1.2, if people want ChaCha they
    can move to 1.3.
  * More generally, we should try to minimize changes to the TLS 1.2
    ecosystem. Our recommendations for TLS 1.2 are less likely to be
    adopted, and in general we would rather move people to 1.3.


We would appreciate the list weighing in.



                Yaron, Peter and Thomas


[1] https://github.com/yaronf/I-D/tree/main/BCP195bis and