Yoav Nir writes:
> Interesting. I thought they were baking AES-CCM into IoT standards.
> ChaCha20+Poly1305 are attractive options because of a very small
> code base, and a 64-byte workspace for ChaCha (16 x 32-bit ints).
> Can’t get below ~500 bytes for AES. 

IEEE 802.15.4 has AES-CCM* in the MAC, and there is no algorithm
agility there at all, i.e. no other ciphers are possible. There is a
possibility to do message authentication only, or both message
authentication and encryption, and there is a possibility to do it with
either 32, 64, or 128 bit MIC (message integrity code) lengths.

Other radio interfaces might of course use something else, and upper
layers running over IEEE 802.15.4 or similar might use their own
security methods. In the 802.15.4 chipsets there is quite often an AES
hardware accelerator that can do the AES modes needed for AES-CCM, and
because of that the upper layers might also want to use AES-CCM
instead of ChaCha20+Poly1305.

Anyways, I think adding ChaCha20+Poly1305 to the algorithms usable in
IPsec is a good thing, and I support this work.
-- 
kivi...@iki.fi

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
