[TLS] Fwd: [Uta] RFC 7525bis (TLS BCP) and ChaCha-Poly
Peter Saint-Andre <stpeter@mozilla.com> Thu, 24 June 2021 15:45 UTC
Return-Path: <stpeter@mozilla.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 369BB3A213B for <tls@ietfa.amsl.com>; Thu, 24 Jun 2021 08:45:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mozilla.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YmwZbHxAhrYt for <tls@ietfa.amsl.com>; Thu, 24 Jun 2021 08:45:49 -0700 (PDT)
Received: from mail-il1-x12c.google.com (mail-il1-x12c.google.com [IPv6:2607:f8b0:4864:20::12c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 212A93A20EA for <tls@ietf.org>; Thu, 24 Jun 2021 08:45:48 -0700 (PDT)
Received: by mail-il1-x12c.google.com with SMTP id i13so2571772ilu.4 for <tls@ietf.org>; Thu, 24 Jun 2021 08:45:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mozilla.com; s=google; h=subject:references:to:from:message-id:date:user-agent:mime-version :in-reply-to:content-language; bh=bOd9gNAY0k6LmNChJ4SSHFBEZAfoJIY/vDz3Ct7K+ig=; b=DhAWGt9EI1OJxpxSS0OiRoEuQSyNo3Uks55swULTv0Vr/iODoiwX1ItwrNxFutonJZ QmVB+t15+DcGgFTvJaIcAiGh728UQPTNmJrzfOST6PGXCNjyHJ0Z3E5FVYblenuewguF OkfQgQPfySQtJeEPDOCXUvKbobKKCIHbllUwE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:references:to:from:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=bOd9gNAY0k6LmNChJ4SSHFBEZAfoJIY/vDz3Ct7K+ig=; b=ItrchhWgN7h9q2ARYVJFPZUU95AuFGVUVhex3luWos07sM9UaSUI9Bk3exhtQnIO3u unTbsieE+GWEgKEFMsZ/s1f0UCnbnYgM2cYhvOe2vNJehZtOXSm16ROT3cMmSWHxEb04 gB7hGLRrHMUdaP3fs1e9XlFq3I36eBQfxZCHwCePvMLqnpiaJJv3OMiw96AKFNxqJs5M zm27c3mTQmb8j5ZEwnuP6TwhHY8qBsz1ea1pJ5mTCUReko+ZT7zLwJufFU+rZQb6We/T PPVUQqrDV3C8iZQVbkJgi3fZnYBKxj410lsNO4+y6CY9Lw/q9OYFXFMa3MVdqV0l3CAi EopA==
X-Gm-Message-State: AOAM533q0HFvWDCj+vsub6aK/tuozdhTN45ioqPuRBXX+NqdRhk/UUTa FRbY5FErXYA5N3S/OmXmGnBtXQ==
X-Google-Smtp-Source: ABdhPJyhnkRRILt1JTADsSgxFxGkxe9EoYVD3xBvGrbMXEqFYglHrikMRh18u99Ip4sofEBjvQMB9w==
X-Received: by 2002:a92:cb91:: with SMTP id z17mr4356200ilo.31.1624549546878; Thu, 24 Jun 2021 08:45:46 -0700 (PDT)
Received: from dragon.local (c-73-78-113-156.hsd1.co.comcast.net. [73.78.113.156]) by smtp.gmail.com with ESMTPSA id k10sm1648734ion.38.2021.06.24.08.45.45 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 24 Jun 2021 08:45:46 -0700 (PDT)
References: <621E708B-D2E1-41A1-A699-E5B302EC2E1A@gmail.com>
To: tls@ietf.org
From: Peter Saint-Andre <stpeter@mozilla.com>
X-Forwarded-Message-Id: <621E708B-D2E1-41A1-A699-E5B302EC2E1A@gmail.com>
Message-ID: <c8f12151-dac6-2d1a-16c2-9e05023259de@mozilla.com>
Date: Thu, 24 Jun 2021 09:45:44 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.11.0
MIME-Version: 1.0
In-Reply-To: <621E708B-D2E1-41A1-A699-E5B302EC2E1A@gmail.com>
Content-Type: multipart/mixed; boundary="------------F30E8AD47E79B5281862C642"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/xOWxX1zqZpTdjpYURmTuv1P2xz0>
Subject: [TLS] Fwd: [Uta] RFC 7525bis (TLS BCP) and ChaCha-Poly
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Jun 2021 15:45:51 -0000
FYI for those not on the UTA WG list. Please discuss there. /psa -------- Forwarded Message -------- Subject: [Uta] RFC 7525bis (TLS BCP) and ChaCha-Poly Date: Thu, 24 Jun 2021 12:34:59 +0300 From: Yaron Sheffer <yaronf.ietf@gmail.com> To: uta@ietf.org <uta@ietf.org> Hi, Here’s to remind the working group that we are moving along with the bis document. We recently added an author, Thomas Fossati. Our activity is on GitHub [1] and we welcome your inputs. We have been steadily closing issues and plan to have a “feature complete” version -01 before IETF-111. And now a question to the list: the authors have been debating whether we should add TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 as a fifth recommended cipher suite for TLS 1.2. Reminder: a similar cipher suite is already recommended for TLS 1.3 implementation in RFC 8446. Pro: * The cipher suite is widely implemented in libraries. * There is already non-negligible usage of ChaCha-Poly (it is not clear from the data what percentage is on TLS 1.2). * Cipher diversity is clearly a good thing, and currently we only recommend AES-GCM cipher suites. Con: * Usage is quite low, at most 10% or so, and there are indications that people are moving back to AES-GCM on mobile, given new CPU support on ARM. * No need for cipher diversity in TLS 1.2, if people want ChaCha they can move to 1.3. * More generally, we should try to minimize changes to the TLS 1.2 ecosystem. Our recommendations for TLS 1.2 are less likely to be adopted, and in general we would rather move people to 1.3. We would appreciate the list weighing in. Thanks, Yaron, Peter and Thomas [1] https://github.com/yaronf/I-D/tree/main/BCP195bis <https://github.com/yaronf/I-D/tree/main/BCP195bis> and https://github.com/yaronf/I-D/issues?q=is%3Aissue+is%3Aopen+label%3ABCP195 <https://github.com/yaronf/I-D/issues?q=is%3Aissue+is%3Aopen+label%3ABCP195>
- [TLS] Fwd: [Uta] RFC 7525bis (TLS BCP) and ChaCha… Peter Saint-Andre