I fully support not to add new options / complexity to TLS "just because they are there" and I'm not at all doubting the rationale behind this.
Our use case is legacy industrial communication over extremely lean media (low bandwidth, high error rate, etc.). We are investigating all directions of conceivable optimizations one could apply to DTLS (both configuration and standardization) in order to minimize what needs to be sent over the wire (or the ether). That's why I expressed interest in a number of old and not so old concepts and drafts addressing this. ChaCha20+Poly1305 seems to have some benefits over AES (e.g. performance in pure software). Currently, the only AEAD mode in (D)TLS I'm aware of that allows authentication tags shorter than 16 bytes is CCM_8. I guess that there are other scenarios -- apart from ours -- where an efficient software-only cipher (i.e. not AES-CCM) is desirable but a full-length tag is a bad trade-off between costs and benefits. I don't have strong intentions to advocate to define yet another cipher suite for TLS. I'd rather get a sense of other WG members' interest in that specific direction. If there is consensus that there is no point in having ChaCha20+Poly1305 with truncated tags I'm fine with that. Maybe this would just rebut my assumption that there could be broader use for that. Cheers, Andi Walz >>> Hanno Böck <ha...@hboeck.de> 01/17/17 1:10 PM >>> On Tue, 17 Jan 2017 13:03:35 +0100 "Andreas Walz" <andreas.w...@hs-offenburg.de> wrote: > I know there is some comprehensible reluctance against bloating the > TLS ecosystem with even more cipher suites, but still ... have there > been considerations / discussions on adding ChaCha20+Poly1305 cipher > suites with truncted authentication tags for (D)TLS? The usual question to answer is: why? The general reluctance to add new ciphersuites "just because they are there" is imho very reasonable and in the past TLS got bloated in complexity far too much because of that. If you want a new ciphersuite you should have some good arguments why they offer something that the current ones don't. Ideally these should be specific. (Aka "Someone could need that for hypothetical situation XYZ" is not very compelling. "I am developing a widely used product where this would immensely help for Reasons xyz" is better.) -- Hanno Böck https://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
