On Tue, Nov 3, 2015 at 2:34 AM, Nikos Mavrogiannopoulos <n...@redhat.com> wrote: > > I agree that protecting the length of the communicated data is > important, but there is nothing specific to this cipher.
I wouldn't contest that; I just think the I-D is over-selling ChaCha20's side-channel resistance. I would argue that in real practical terms it is less side-channel resistant than AES-CBC; but I think a reader would be left with the opposite impression. Still huge +1 on adding it; it's exciting to get a fast modern well-designed cipher into TLS. -- Colm
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
