> On Feb 24, 2015, at 4:24 PM, Michael Richardson <[email protected]> wrote:
>
>
> Yoav Nir <[email protected]> wrote:
>>> On Feb 24, 2015, at 1:21 PM, Yoav Nir <[email protected]> wrote:
>>>
>>> In the meantime, I have updated my draft to only define the
>>> AEAD. Since we now have CFRG’s “stamp of approval” …
>
> I needed to read up on these things, and I read:
> ChaCha20+Poly1305 can be as much as 300% faster than AES-256-GCM with SHA-1
> authentication.
I’m guessing you mean AES-256-CBC, because if you use GCM, you don’t need
SHA-1. Either way, these values are right for older Intel chips as well as ARM
and whatever it is that runs in the IoT space. Newer Intel chips with the
AESENC opcode have faster AES-GCM than ChaCha20+Poly1305.
> and claims that Poly1305 is faster than SHA1/2/3.
> This is certainly interesting to me.
>
> {I'm very concerned in the IoT space (not really IPsec related at all), that
> we are cooking too much AES-GCM in as the one and only choice, and may lose
> algorithm agility in protocols.}
Interesting. I thought they were baking AES-CCM into IoT standards.
ChaCha20+Poly1305 are attractive options because of a very small code base, and
a 64-byte workspace for ChaCha (16 x 32-bit ints). Can’t get below ~500 bytes
for AES.
> I am supportive of defining code points for these.
>
> --
> Michael Richardson <[email protected]>, Sandelman Software Works
> -= IPv6 IoT consulting =-
Thanks
Yoav
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec