draft-ietf-tls-chacha20-poly1305-03.txt		draft-ietf-tls-chacha20-poly1305-04.txt
	Network Working Group A. Langley		Network Working Group A. Langley
	Internet-Draft W. Chang		Internet-Draft W. Chang
	Updates: 5246, 6347 (if approved) Google Inc		Updates: 5246, 6347 (if approved) Google Inc
	Intended status: Standards Track N. Mavrogiannopoulos		Intended status: Standards Track N. Mavrogiannopoulos
	Expires: June 2, 2016 Red Hat		Expires: June 18, 2016 Red Hat
	J. Strombergson		J. Strombergson
	Secworks Sweden AB		Secworks Sweden AB
	S. Josefsson		S. Josefsson
	SJD AB		SJD AB
	November 30, 2015		December 16, 2015
	ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS)		ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS)
	draft-ietf-tls-chacha20-poly1305-03		draft-ietf-tls-chacha20-poly1305-04
	Abstract		Abstract
	This document describes the use of the ChaCha stream cipher and		This document describes the use of the ChaCha stream cipher and
	Poly1305 authenticator in the Transport Layer Security (TLS) and		Poly1305 authenticator in the Transport Layer Security (TLS) and
	Datagram Transport Layer Security (DTLS) protocols.		Datagram Transport Layer Security (DTLS) protocols.
	Status of This Memo		Status of This Memo
	This Internet-Draft is submitted in full conformance with the		This Internet-Draft is submitted in full conformance with the
	skipping to change at page 1, line 38 ¶		skipping to change at page 1, line 38 ¶
	Internet-Drafts are working documents of the Internet Engineering		Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF). Note that other groups may also distribute		Task Force (IETF). Note that other groups may also distribute
	working documents as Internet-Drafts. The list of current Internet-		working documents as Internet-Drafts. The list of current Internet-
	Drafts is at http://datatracker.ietf.org/drafts/current/.		Drafts is at http://datatracker.ietf.org/drafts/current/.
	Internet-Drafts are draft documents valid for a maximum of six months		Internet-Drafts are draft documents valid for a maximum of six months
	and may be updated, replaced, or obsoleted by other documents at any		and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference		time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."		material or to cite them other than as "work in progress."
	This Internet-Draft will expire on June 2, 2016.		This Internet-Draft will expire on June 18, 2016.
	Copyright Notice		Copyright Notice
	Copyright (c) 2015 IETF Trust and the persons identified as the		Copyright (c) 2015 IETF Trust and the persons identified as the
	document authors. All rights reserved.		document authors. All rights reserved.
	This document is subject to BCP 78 and the IETF Trust's Legal		This document is subject to BCP 78 and the IETF Trust's Legal
	Provisions Relating to IETF Documents		Provisions Relating to IETF Documents
	(http://trustee.ietf.org/license-info) in effect on the date of		(http://trustee.ietf.org/license-info) in effect on the date of
	publication of this document. Please review these documents		publication of this document. Please review these documents
	skipping to change at page 4, line 5 ¶		skipping to change at page 4, line 5 ¶
	The nonce is constructed from the record sequence number and shared		The nonce is constructed from the record sequence number and shared
	secret, both of which are known to the recipient. The advantage is		secret, both of which are known to the recipient. The advantage is
	that no per-record, explicit nonce need be transmitted, which saves		that no per-record, explicit nonce need be transmitted, which saves
	eight bytes per record and prevents implementations from mistakenly		eight bytes per record and prevents implementations from mistakenly
	using a random nonce. Thus, in the terms of [RFC5246],		using a random nonce. Thus, in the terms of [RFC5246],
	SecurityParameters.fixed_iv_length is twelve bytes and		SecurityParameters.fixed_iv_length is twelve bytes and
	SecurityParameters.record_iv_length is zero bytes.		SecurityParameters.record_iv_length is zero bytes.
	The following cipher suites are defined.		The following cipher suites are defined.
	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 = {0xTBD, 0xTBD}		TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = {0xTBD, 0xTBD}
	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 = {0xTBD, 0xTBD}		TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = {0xTBD, 0xTBD}
	TLS_DHE_RSA_WITH_CHACHA20_POLY1305 = {0xTBD, 0xTBD}		TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = {0xTBD, 0xTBD}
	TLS_PSK_WITH_CHACHA20_POLY1305 = {0xTBD, 0xTBD}		TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 = {0xTBD, 0xTBD}
	TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305 = {0xTBD, 0xTBD}		TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = {0xTBD, 0xTBD}
	TLS_DHE_PSK_WITH_CHACHA20_POLY1305 = {0xTBD, 0xTBD}		TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = {0xTBD, 0xTBD}
	TLS_RSA_PSK_WITH_CHACHA20_POLY1305 = {0xTBD, 0xTBD}		TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 = {0xTBD, 0xTBD}
	The DHE_RSA, ECDHE_RSA, ECDHE_ECDSA, PSK, ECDHE_PSK, DHE_PSK and		The DHE_RSA, ECDHE_RSA, ECDHE_ECDSA, PSK, ECDHE_PSK, DHE_PSK and
	RSA_PSK key exchanges for these cipher suites are unaltered and thus		RSA_PSK key exchanges for these cipher suites are unaltered and thus
	are performed as defined in [RFC5246], [RFC4492], and [RFC5489].		are performed as defined in [RFC5246], [RFC4492], and [RFC5489].
	The pseudorandom function (PRF) for all the cipher suites defined in		The pseudorandom function (PRF) for all the cipher suites defined in
	this document is the TLS PRF with SHA-256 as the hash function.		this document is the TLS PRF with SHA-256 as the hash function.
	3. IANA Considerations		3. IANA Considerations
	IANA is requested to add the following entries in the TLS Cipher		IANA is requested to add the following entries in the TLS Cipher
	Suite Registry:		Suite Registry:
	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 = {0xTBD, 0xTBD} {0xCC, 0xA8}		TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = {0xTBD, 0xTBD} {0xCC, 0xA8}
	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 = {0xTBD, 0xTBD} {0xCC, 0xA9}		TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = {0xTBD, 0xTBD} {0xCC, 0xA9}
	TLS_DHE_RSA_WITH_CHACHA20_POLY1305 = {0xTBD, 0xTBD} {0xCC, 0xAA}		TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = {0xTBD, 0xTBD} {0xCC, 0xAA}
	TLS_PSK_WITH_CHACHA20_POLY1305 = {0xTBD, 0xTBD} {0xCC, 0xAB}		TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 = {0xTBD, 0xTBD} {0xCC, 0xAB}
	TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305 = {0xTBD, 0xTBD} {0xCC, 0xAC}		TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = {0xTBD, 0xTBD} {0xCC, 0xAC}
	TLS_DHE_PSK_WITH_CHACHA20_POLY1305 = {0xTBD, 0xTBD} {0xCC, 0xAD}		TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = {0xTBD, 0xTBD} {0xCC, 0xAD}
	TLS_RSA_PSK_WITH_CHACHA20_POLY1305 = {0xTBD, 0xTBD} {0xCC, 0xAE}		TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 = {0xTBD, 0xTBD} {0xCC, 0xAE}
	The cipher suite numbers listed in the second column are numbers used		The cipher suite numbers listed in the second column are numbers used
	for cipher suite interoperability testing and it's suggested that		for cipher suite interoperability testing and it's suggested that
	IANA use these values for assignment.		IANA use these values for assignment.
	4. Security Considerations		4. Security Considerations
	ChaCha20 follows the same basic principle as Salsa20[SALSA20SPEC], a		ChaCha20 follows the same basic principle as Salsa20[SALSA20SPEC], a
	cipher with significant security review [SALSA20-SECURITY][ESTREAM].		cipher with significant security review [SALSA20-SECURITY][ESTREAM].
	At the time of writing this document, there are no known significant		At the time of writing this document, there are no known significant
End of changes. 8 change blocks.
	18 lines changed or deleted		18 lines changed or added
This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/