> On Aug 3, 2015, at 8:39 PM, David Mazieres > <[email protected]> wrote: > > Eric Rescorla <[email protected]> writes: > >> - ECDH_anon with P256 and Curve25519 >> - AES_128_GCM; AES_256_GCM; ChaCha/Poly1305 > > This is a naive question, but could we get some guidance from the powers > that be on what ciphers are and are not appropriate for an experimental > TCPINC protocol document? > > Technically, Curve25519 and ChaCha/Poly1305 both seem like fine options. > Tcpcrypt was even using Poly1305 in an earlier version (I can't remember > if it ever made it into one of our drafts). We removed it from fear > that this would cause standardization issues. It seems Curve25519 is > still an internet draft with informational status, while RFC7539 is an > informational RFC. Is it inappropriate for an experimental TCPINC > protocol document to depend on informational RFCs?
Hi, David RFC 7539 is marked as Informational because it is a product of the CFRG, which is a research group. The algorithms are not something invented in the IETF, so standards track is not appropriate. It’s fine to use both Curve25519 and ChaCha/Poly, and the already-approved "ChaCha20, Poly1305 and their use in IKE & IPsec <https://tools.ietf.org/html/draft-ietf-ipsecme-chacha20-poly1305-12>” which *is* standards track references it. I expect the TLS draft and the drafts for Curve25519 for both IKE and TLS to work the same way. Yoav
_______________________________________________ Tcpinc mailing list [email protected] https://www.ietf.org/mailman/listinfo/tcpinc
