On Mon, 2 Nov 2015 22:52:59 +0900 Yoshiaki Hori <hor...@cc.saga-u.ac.jp> wrote:
> Name: draft-kiyomoto-kcipher2-tls > Revision: 02 > Title: Use of KCipher-2 with Poly1305 in Transport Layer I feel I've written almost the same on multiple occassions lately, but I'll do it again: I think one of the major problems of TLS (and other crypto) in the past has been that it has grown to be too complicated. I'm therefore strictly against adding new options without any reasonable rationale behind them. The rationale here seems to be "let's have another algorithm just in case". That "just in case" here is that if chacha20 turns out to be insecure we don't have another streamcipher. However we'd of course still have AES-GCM. I think TLS has suffered a lot in the past from feature bloat. I'd propose to go the other way: Lower the number of options if they don't make sense. Therefore: Please don't introduce another algorithm into TLS - unless you have very good arguments (i.e. it is vastly better than the other options or you have serious arguments why you think AES-GCM and chacha20/poly1305 are in danger of being real-world-broken any time soon). -- Hanno Böck http://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42
pgpyXsPnjb0bl.pgp
Description: OpenPGP digital signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
