Skip to main content

ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS)
RFC 7905

Revision differences

Document history

Date Rev. By Action
2018-12-20
04 (System)
Received changes through RFC Editor sync (changed abstract to 'This document describes the use of the ChaCha stream cipher and Poly1305 authenticator in the Transport …
Received changes through RFC Editor sync (changed abstract to 'This document describes the use of the ChaCha stream cipher and Poly1305 authenticator in the Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) protocols.

This document updates RFCs 5246 and 6347.')
2018-02-03
04 (System) Received changes through RFC Editor sync (added Errata tag)
2016-06-22
04 (System) RFC published
2016-06-22
04 (System) RFC Editor state changed to AUTH48-DONE from AUTH48
2016-06-07
04 (System) RFC Editor state changed to AUTH48 from RFC-EDITOR
2016-05-26
04 (System) RFC Editor state changed to RFC-EDITOR from EDIT
2016-05-16
04 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2016-05-13
04 (System) IANA Action state changed to Waiting on RFC Editor from Waiting on Authors
2016-05-12
04 (System) IANA Action state changed to Waiting on Authors
2016-05-09
04 (System) RFC Editor state changed to EDIT
2016-05-09
04 (System) IESG state changed to RFC Ed Queue from Approved-announcement sent
2016-05-09
04 (System) Announcement was received by RFC Editor
2016-05-09
04 Amy Vezza IESG state changed to Approved-announcement sent from Approved-announcement to be sent
2016-05-09
04 Amy Vezza IESG has approved the document
2016-05-09
04 Amy Vezza Closed "Approve" ballot
2016-05-09
04 Amy Vezza Ballot approval text was generated
2016-05-05
04 Cindy Morgan IESG state changed to Approved-announcement to be sent from IESG Evaluation
2016-05-05
04 Stephen Farrell Ballot writeup was changed
2016-05-05
04 Stephen Farrell Ballot writeup was changed
2016-05-05
04 Stephen Farrell RFC Editor Note was changed
2016-05-05
04 Stephen Farrell RFC Editor Note was changed
2016-05-05
04 Stephen Farrell RFC Editor Note was changed
2016-05-05
04 Jari Arkko [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko
2016-05-04
04 Suresh Krishnan [Ballot Position Update] New position, No Objection, has been recorded for Suresh Krishnan
2016-05-04
04 Alvaro Retana [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana
2016-05-04
04 Alia Atlas [Ballot Position Update] New position, No Objection, has been recorded for Alia Atlas
2016-05-03
04 Ben Campbell [Ballot Position Update] New position, Yes, has been recorded for Ben Campbell
2016-05-03
04 Terry Manderson [Ballot Position Update] New position, Yes, has been recorded for Terry Manderson
2016-05-03
04 Deborah Brungard [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard
2016-05-03
04 Joel Jaeggli [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli
2016-05-02
04 Alissa Cooper [Ballot Position Update] New position, Yes, has been recorded for Alissa Cooper
2016-05-02
04 Kathleen Moriarty [Ballot Position Update] New position, Yes, has been recorded for Kathleen Moriarty
2016-05-02
04 Benoît Claise [Ballot comment]
draft-ietf-tls-chacha20-poly1305
2016-05-02
04 Benoît Claise [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise
2016-04-26
04 Mirja Kühlewind [Ballot Position Update] New position, No Objection, has been recorded for Mirja Kühlewind
2016-04-24
04 Alexey Melnikov [Ballot comment]
Nit: SHA-256 probably needs a normative reference.
2016-04-24
04 Alexey Melnikov [Ballot Position Update] New position, Yes, has been recorded for Alexey Melnikov
2016-04-12
04 Stephen Farrell Ballot writeup was changed
2016-04-12
04 Stephen Farrell RFC Editor Note was changed
2016-04-12
04 Stephen Farrell RFC Editor Note was changed
2016-04-12
04 Stephen Farrell RFC Editor Note for ballot was generated
2016-04-12
04 Stephen Farrell RFC Editor Note for ballot was generated
2016-04-12
04 Stephen Farrell Placed on agenda for telechat - 2016-05-05
2016-04-12
04 Stephen Farrell Changed consensus to Yes from Unknown
2016-04-12
04 Stephen Farrell IESG state changed to IESG Evaluation from Waiting for Writeup
2016-04-12
04 Stephen Farrell Ballot has been issued
2016-04-12
04 Stephen Farrell [Ballot Position Update] New position, Yes, has been recorded for Stephen Farrell
2016-04-12
04 Stephen Farrell Created "Approve" ballot
2016-04-12
04 Stephen Farrell Ballot writeup was changed
2016-04-10
04 Gunter Van de Velde Request for Last Call review by OPSDIR Completed: Ready. Reviewer: Stefan Winter.
2016-04-07
04 Roni Even Request for Last Call review by GENART Completed: Almost Ready. Reviewer: Roni Even.
2016-04-07
04 Tero Kivinen Request for Last Call review by SECDIR Completed: Ready. Reviewer: Dan Harkins.
2016-04-05
04 (System) IESG state changed to Waiting for Writeup from In Last Call
2016-04-04
04 Sabrina Tanamal IANA Review state changed to IANA OK - Actions Needed from IANA - Not OK
2016-03-30
04 (System) IANA Review state changed to IANA - Not OK from IANA - Review Needed
2016-03-30
04 Sabrina Tanamal
(Via drafts-lastcall-comment@iana.org): IESG/Authors/WG Chairs:

IANA has completed its review of draft-ietf-tls-chacha20-poly1305-04.txt. If any part of this review is inaccurate, please let us know.

IANA …
(Via drafts-lastcall-comment@iana.org): IESG/Authors/WG Chairs:

IANA has completed its review of draft-ietf-tls-chacha20-poly1305-04.txt. If any part of this review is inaccurate, please let us know.

IANA has a question about one of the actions requested in the IANA Considerations section of this document.

IANA understands that, upon approval of this document, there is a single action which IANA must complete.

In the TLS Cipher Suite Subregistry of the Transport Layer Security (TLS) Parameters registry located at:

https://www.iana.org/assignments/tls-parameters/

seven new entries are to be added to the registry as follows:

Value: Description: DTLS-OK: Reference:
{0xCC, 0xA8} TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 [ RFC-to-be ]
{0xCC, 0xA9} TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [ RFC-to-be ]
{0xCC, 0xAA} TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 [ RFC-to-be ]
{0xCC, 0xAB} TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 [ RFC-to-be ]
{0xCC, 0xAC} TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 [ RFC-to-be ]
{0xCC, 0xAD} TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 [ RFC-to-be ]
{0xCC, 0xAE} TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 [ RFC-to-be ]

IANA understands that the cipher suite numbers provided in the draft are numbers used for cipher suite interoperability testing. If those values are available when the document is approved, IANA intends to use the suggested values.

The section of the registry where these values are assigned is maintained by Specification Required as defined by RFC 5266. As this document requests registrations in an Expert Review or Specification Required (see RFC 5226) registry, we will initiate the required Expert Review via a separate request. Expert review will need to be completed before your document can be approved for publication as an RFC.

IANA Question --> Please provide the value for DTLS-OK for each of these new registrations.

IANA understands that this is the only action required to be completed upon approval of this document.

Note:  The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is only to confirm what actions will be performed. 


Thank you,

Sabrina Tanamal
IANA Specialist
ICANN
2016-03-24
04 Jean Mahoney Request for Last Call review by GENART is assigned to Roni Even
2016-03-24
04 Jean Mahoney Request for Last Call review by GENART is assigned to Roni Even
2016-03-23
04 Tero Kivinen Request for Last Call review by SECDIR is assigned to Dan Harkins
2016-03-23
04 Tero Kivinen Request for Last Call review by SECDIR is assigned to Dan Harkins
2016-03-23
04 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Stefan Winter
2016-03-23
04 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Stefan Winter
2016-03-22
04 Amy Vezza IANA Review state changed to IANA - Review Needed
2016-03-22
04 Amy Vezza
The following Last Call announcement was sent out:

From: The IESG
To: "IETF-Announce"
CC: "Sean Turner" , draft-ietf-tls-chacha20-poly1305@ietf.org, tls@ietf.org, stephen.farrell@cs.tcd.ie, sean@sn3rd.com, …
The following Last Call announcement was sent out:

From: The IESG
To: "IETF-Announce"
CC: "Sean Turner" , draft-ietf-tls-chacha20-poly1305@ietf.org, tls@ietf.org, stephen.farrell@cs.tcd.ie, sean@sn3rd.com, tls-chairs@ietf.org
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS)) to Proposed Standard


The IESG has received a request from the Transport Layer Security WG
(tls) to consider the following document:
- 'ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS)'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2016-04-05. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  This document describes the use of the ChaCha stream cipher and
  Poly1305 authenticator in the Transport Layer Security (TLS) and
  Datagram Transport Layer Security (DTLS) protocols.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-tls-chacha20-poly1305/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-tls-chacha20-poly1305/ballot/


No IPR declarations have been submitted directly on this I-D.

I-D nits notes that the abstract doesn't mention the two RFCs being updated.
That is a useful practice (in case someone only sees the abstract) so we'll fix
it after IETF LC.

This draft normatively references RFCs 4492, 5489 and 7539 which
are algorithm definitions. If needed we will put those in the DownRef
registry after this last call concludes.
2016-03-22
04 Amy Vezza IESG state changed to In Last Call from Last Call Requested
2016-03-22
04 Stephen Farrell Last call was requested
2016-03-22
04 Stephen Farrell Ballot approval text was generated
2016-03-22
04 Stephen Farrell Ballot writeup was generated
2016-03-22
04 Stephen Farrell IESG state changed to Last Call Requested from AD Evaluation
2016-03-22
04 Stephen Farrell Last call announcement was changed
2016-03-22
04 Stephen Farrell Last call announcement was generated
2016-03-10
04 Stephen Farrell IESG state changed to AD Evaluation from Publication Requested
2016-03-10
04 Sean Turner
1. Summary

This draft specifies seven (7) chacha20-poly1305 ciphers that can be used with TLS and DTLS.  This is the “how to do chacha20-poly1305 with …
1. Summary

This draft specifies seven (7) chacha20-poly1305 ciphers that can be used with TLS and DTLS.  This is the “how to do chacha20-poly1305 with TLS” draft, where chacha20-poly1305 is defined in RFC 7539. These cipher suites are intended to be a back up to the AES-based suites in case of compromise.

As far as where you should point your fingers:
- Sean Turner is the document shepherd, and;
- Stephen Farrell is the responsible Area Director.

2. Review and Consensus

There’s probably on the order of 100 messages about this draft, and that shouldn’t come as a surprise because this draft is really just specifying IANA code points.  The real fireworks were on the CFRG list, and we thank them for taking that bullet(s).  The cipher suites proposed in the individual draft were modified based on WG input.  There were two WGLCs for this draft; the first didn’t generate the expected amount of review so a second WGLC was issued that did.  There was a debate as to whether the PRF digest should be changed to SHA-512 from SHA-256, but there was no consensus to make this change.

3. Intellectual Property

All disclosed as confirmed by the authors on 20160310.

4. Other Points:

IANA has already assigned the cipher suites and we thank them.

These algorithms are expected to be very widely implemented due their high performance in software implementations.  It’s currently in the deployed branches of BoringSSL GnuTLS, OpenSSL, and others.
2016-03-10
04 Sean Turner Responsible AD changed to Stephen Farrell
2016-03-10
04 Sean Turner IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up
2016-03-10
04 Sean Turner IESG state changed to Publication Requested
2016-03-10
04 Sean Turner IESG process started in state Publication Requested
2016-03-10
04 Sean Turner Changed document writeup
2016-03-09
04 Sean Turner IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call
2016-03-03
04 Sean Turner Notification list changed to "Sean Turner" <sean@sn3rd.com>
2016-03-03
04 Sean Turner Document shepherd changed to Sean Turner
2016-03-03
04 Sean Turner Changed document writeup
2015-12-16
04 Adam Langley New version available: draft-ietf-tls-chacha20-poly1305-04.txt
2015-12-09
03 Sean Turner IETF WG state changed to In WG Last Call from WG Document
2015-11-30
03 Adam Langley New version available: draft-ietf-tls-chacha20-poly1305-03.txt
2015-11-06
02 Adam Langley New version available: draft-ietf-tls-chacha20-poly1305-02.txt
2015-11-02
01 Adam Langley New version available: draft-ietf-tls-chacha20-poly1305-01.txt
2015-10-05
00 Sean Turner Intended Status changed to Proposed Standard from None
2015-06-11
00 Sean Turner This document now replaces draft-mavrogiannopoulos-chacha-tls instead of None
2015-06-11
00 Nikos Mavrogiannopoulos New version available: draft-ietf-tls-chacha20-poly1305-00.txt