Hi,

Sorry this took me a bit of time to get to, I wanted to read through some of the background materials first and have been a bit swamped lately (should clear up soon). Anyway, I have a few comments from my review and also some from a developer. Please don't feel the need to respond over the weekend as I am sending this late on a Friday.

First, thank you very much for your work on this draft. Having a standby cipher on hand is a good thing for algorithm agility. Hopefully we don't need it for some time.

Section 2 talks about AEAD_CHACHA20_POLY1305 and makes the statement that the initialization vector (part of the nonce) does not have to be unpredictable. That might be okay for chacha20 as long as you have uniqueness, but I thought POLY1305 required an unpredictable nonce (section 2.5 of rfc7539). It is not entirely clear to me where that value comes from in this description. Please let me know if I am missing something in section 2.

   o  The Initialization Vector (IV) is 64-bit, and is used as part of
      the nonce.  The IV MUST be unique for each invocation for a
      particular SA but does not need to be unpredictable.  The use of
      a counter or a linear feedback shift register (LFSR) is
      RECOMMENDED.

The IANA considerations list ENCR_CHACHA20_POLY1305 as the name of the algorithm without explanation in the draft. It appears that this was a WG decision:
https://www.ietf.org/mail-archive/web/ipsec/current/msg09772.html
An explanation might be helpful. Elsewhere in the draft, you just have AEAD_CHACHA20_POLY1305.

I had another implementer of AEAD_CHACHA20_POLY1305 (but not for IPsec) read the draft and he commented that he didn't understand the term 'Standby cipher'. This was clear to me, but I read a lot of drafts. It might be helpful to expand on that a bit more since this came from a developer.

He also requested that it would be helpful if the packet could be laid out to explain where the IV, ciphertext and tag go. This seems like a reasonable request and is from a developer.

Thank you & have a nice weekend!

--
Best regards,
Kathleen
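The two points raised in the message above (where the per-packet Poly1305 key comes from, and where the IV, ciphertext and tag sit in the packet) can be traced in code. This is an added example, not part of the original message or of the draft: it derives the one-time Poly1305 key as RFC 7539 section 2.6 specifies and splits an ESP packet into its fields. The 4-byte salt prepended to the 64-bit IV, the 16-byte tag, the absence of ESN, and all sample values are assumptions.

```python
import struct

ROUNDS = ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
          (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14))

def _rotl(v, n):
    return ((v << n) & 0xFFFFFFFF) | (v >> (32 - n))

def _quarter_round(s, a, b, c, d):
    for x, y, z, r in ((a, b, d, 16), (c, d, b, 12), (a, b, d, 8), (c, d, b, 7)):
        s[x] = (s[x] + s[y]) & 0xFFFFFFFF
        s[z] = _rotl(s[z] ^ s[x], r)

def chacha20_block(key, counter, nonce):
    """One 64-byte ChaCha20 block, RFC 7539 section 2.3."""
    init = list(struct.unpack("<4I8I", b"expand 32-byte k" + key))
    init += [counter, *struct.unpack("<3I", nonce)]
    s = list(init)
    for _ in range(10):  # 10 column+diagonal double rounds = 20 rounds
        for idx in ROUNDS:
            _quarter_round(s, *idx)
    return struct.pack("<16I", *((a + b) & 0xFFFFFFFF for a, b in zip(s, init)))

def poly1305_key(key, nonce):
    """Per-packet Poly1305 key: first 32 bytes of block 0 (RFC 7539 section 2.6)."""
    return chacha20_block(key, 0, nonce)[:32]

def split_esp(packet, salt):
    """Split an ESP packet (no ESN) into its fields and build the 96-bit nonce."""
    if len(packet) < 8 + 8 + 16 or len(salt) != 4:
        raise ValueError("need SPI, sequence number, 8-byte IV, 16-byte tag, 4-byte salt")
    spi, seq = struct.unpack(">II", packet[:8])
    return {"spi": spi, "seq": seq, "aad": packet[:8], "iv": packet[8:16],
            "ciphertext": packet[16:-16], "tag": packet[-16:],
            "nonce": salt + packet[8:16]}

# Constructed sample values (not from the draft): key, salt, and packets whose
# IV is a plain counter, i.e. predictable but unique per packet.
KEY, SALT = bytes(range(32)), b"\xa0\xa1\xa2\xa3"

def sample_packet(seq):
    header = struct.pack(">II", 0x01020304, seq) + struct.pack(">Q", seq)
    return header + b"\x00" * 20 + b"\xff" * 16  # dummy ciphertext and tag

if __name__ == "__main__":
    for seq in (1, 2):
        f = split_esp(sample_packet(seq), SALT)
        print(f["iv"].hex(), poly1305_key(KEY, f["nonce"]).hex())
```

Run directly, it prints the counter IV of two consecutive packets next to the Poly1305 key each one yields under the same secret key.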