On Mon, Aug 3, 2015 at 10:39 AM, David Mazieres < [email protected]> wrote:
> Eric Rescorla <[email protected]> writes: > > > - ECDH_anon with P256 and Curve25519 > > - AES_128_GCM; AES_256_GCM; ChaCha/Poly1305 > > This is a naive question, but could we get some guidance from the powers > that be on what ciphers are and are not appropriate for an experimental > TCPINC protocol document? > > Technically, Curve25519 and ChaCha/Poly1305 both seem like fine options. > Tcpcrypt was even using Poly1305 in an earlier version (I can't remember > if it ever made it into one of our drafts). We removed it from fear > that this would cause standardization issues. It seems Curve25519 is > still an internet draft with informational status, while RFC7539 is an > informational RFC. Is it inappropriate for an experimental TCPINC > protocol document to depend on informational RFCs? > > In order to ensure an apples-to-apples comparison between tcpcrypt and > TCP-use-TLS, I'd like to suggest that we at least attempt to agree on > one or two initial cipher suites for both protocols to support. FWIW, in TLS we expect to advance standards track drafts for both Curve25519 and ChaCha/Poly, so I don't think that's going to cause dependency issues. -Ekr
_______________________________________________ Tcpinc mailing list [email protected] https://www.ietf.org/mailman/listinfo/tcpinc
