> On 15 Dec 2017, at 3:05, Colm MacCárthaigh <c...@allcosts.net> wrote: > > > > On Thu, Dec 14, 2017 at 5:01 PM, Hanno Böck <ha...@hboeck.de > <mailto:ha...@hboeck.de>> wrote: > On Thu, 14 Dec 2017 16:45:57 -0800 > Colm MacCárthaigh <c...@allcosts.net <mailto:c...@allcosts.net>> wrote: > > > But what would that look like? What would we do now, in advance, to > > make it easy to turn off AES? For example. > > I think this is the wrong way to look at it. > > >From what I'm aware nobody is really concerned about the security of > AES. I don't think that there's any need to prepare for turning off AES. > > Well, DJB is a notable concerned critic of AES and its safety in some > respects ... but I was using AES as kind of a worst-case scenario since so > many things do depend on it and it's especially hard to leave. I'm not aware > of some ground-breaking cryptanalysis :) But I do think the question is worth > having an answer for. I think we *do* need to prepare for turning off AES, > there's always a chance we might have to.
I think that was the point of standardizing ChaCha20-Poly1305. In fact, that’s what is says in the second paragraph of the introduction in RFC 7539: https://tools.ietf.org/html/rfc7539#section-1 <https://tools.ietf.org/html/rfc7539#section-1> Yoav
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls