Yoav Nir <[email protected]> wrote: >> Is this diagram correct:
some comment on the accuracy of my diagram would be appreciated :-)
>> I think that the IANA considerations of ipsecme-chacha20-poly1305
>> should say
>> something like,
>> "According to cfrg-chacha20, Poly-1305 is not suitable for
>> use as a PRF for IKEv2, and this specification explicitely
>> does not allocate a code point for that.”
> That’s kind of a weird thing to write. We don’t allocate an ICMPv6 type
> number either. It’s kind of sad because while Poly1305 is not a good
> PRF, ChaCha20 is. But unfortunately it’s not a good PRF for IKEv2 as it
> requires a constant-size key, and RFC 7296 requires that all PRFs
> support any size key. Of course we could add the blake2 hash function
> to convert any non-256-bit key to a 256-bit key, and blake2 is based on
> the ChaCha20 block function. But we chose not to do this. At least not
> yet.
I predict that in two years, there will be a stream of queries from
@gmail/@hotmail accounts asking in broken english why there isn't a PRF
number. I'll bet we even get an Errata filed :-)
The bit about ChaCha also being wrong would be useful to write down
somewhere.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
