Re: [IPsec] Fwd: I-D Action: draft-nir-ipsecme-chacha20-poly1305-00.txt

Yaron Sheffer <yaronf.ietf@gmail.com> Tue, 21 January 2014 17:24 UTC

Hi Yoav,

Thank you for submitting this draft. I am all in favor of having a 
credible "standby algorithm", and I'm hearing that ChaCha20 is a worthy 
candidate.

What worries me in the current instance is that the definition of the 
algorithm is fluffy. This could be old-fashioned of me, but I think an 
SDO should produce standards, i.e. written documents that allow a 
developer to implement an algorithm without having to resort to reverse 
engineering of libraries. (I do applaud the test vectors though).

I would recommend that you (or someone) publish a CFRG document that we 
can use as a normative reference here. With respect, none of the DJB 
documents cited here (and note that the references themselves are kinda 
incomplete) reads as a formal definition of the algorithm.

Thanks,
	Yaron

On 01/21/2014 06:44 PM, Yoav Nir wrote:
> Hi,
>
> Continuing the conversation about "spare algorithms" in case cryptanalytical results are found against AES, I've submitted this document, modeled roughly around AGL's document for TLS with the same algorithms.
>
> Reviews and comments would be greatly appreciated, as well as anyone checking my examples.
>
> Thanks
>
> Yoav
>
> Begin forwarded message:
>
>> From: <internet-drafts@ietf.org>
>> Subject: I-D Action: draft-nir-ipsecme-chacha20-poly1305-00.txt
>> Date: January 21, 2014 4:08:32 PM GMT+02:00
>> To: <i-d-announce@ietf.org>
>> Reply-To: <internet-drafts@ietf.org>
>>
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>>
>>
>>         Title           : ChaCha20 and Poly1305 and their use in IPsec
>>         Author          : Yoav Nir
>> 	Filename        : draft-nir-ipsecme-chacha20-poly1305-00.txt
>> 	Pages           : 16
>> 	Date            : 2014-01-21
>>
>> Abstract:
>>    This document describes the use of the ChaCha20 stream cipher in
>>    IPsec, as well as the use of the Poly1305 authenticator, both as
>>    stand-alone algorithms, and as a combined mode AEAD algorithm.
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-nir-ipsecme-chacha20-poly1305/
>>
>> There's also a htmlized version available at:
>> http://tools.ietf.org/html/draft-nir-ipsecme-chacha20-poly1305-00
>>
>>
>> Please note that it may take a couple of minutes from the time of submission
>> until the htmlized version and diff are available at tools.ietf.org.
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>