Hi Yoav,
Can you explain why we need Poly1305 at all? We have SHA-2 and will
probably adopt Keccak (SHA-3), so it's not like we don't have a backup.
Let me suggest that we adopt *only* ChaCha20, which can be combined with
any integrity protection algorithm in the normal ESP way. Is there any
extra value (maybe code sharing?) in predefining an AEAD?
Thanks,
Yaron
On 03/09/2014 05:03 PM, Yoav Nir wrote:
Hi
draft-nir-ipsecme-chacha20-poly1305 currently specifies three transforms:
1. chacha20 as a stand-alone cipher
2. Poly1305 as a stand-alone MAC
3. ChaCha20-Poly1305 as an AEAD.
Some people in the room said that we should only do the AEAD and skip
the stand-alone algorithms. This would prevent SAs with combinations
such as ChaCha20 + HMAC-SHA1 or AES-128-CBC + Poly1305.
I'm not saying whether we need or don't need these combinations. I don't
see much use for them personally. My question to the list now is whether
everyone agrees that it's fine to drop them and leave only the combined
mode algorithm in the draft.
Thanks
Yoav
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
