This draft specifies seven (7) chacha20-poly1305 ciphers that can be used with
TLS and DTLS. This is the “how to do chacha20-poly1305 with TLS” draft, where
chacha20-poly1305 is defined in RFC 7539. These cipher suites are intended to
be a backup to the AES-based suites in case of compromise.
As far as where you should point your fingers:
- Sean Turner is the document shepherd; and
- Stephen Farrell is the responsible Area Director.
2. Review and Consensus
There are probably on the order of 100 messages about this draft, and that
shouldn’t come as a surprise because this draft is really just specifying IANA
code points. The real fireworks were on the CFRG list, and we thank them for
taking that bullet(s). The cipher suites proposed in the individual draft were
modified based on WG input. There were two WGLCs for this draft; the first
didn’t generate the expected amount of review so a second WGLC was issued that
did. There was a debate as to whether the PRF digest should be changed to
SHA-512 from SHA-256, but there was no consensus to make this change.
3. Intellectual Property
All disclosed as confirmed by the authors on 20160310.
4. Other Points:
IANA has already assigned the cipher suites and we thank them.
These algorithms are expected to be very widely implemented due to their high
performance in software implementations. It’s currently in the deployed
branches of BoringSSL, GnuTLS, OpenSSL, and others.