On Fri, 2014-08-08 at 13:32 +0300, Henri Sivonen wrote:
> On Thu, Jul 10, 2014 at 7:41 PM, Brian Smith <br...@briansmith.org> wrote:
>
> > As you probably know, Google Chrome already ships some ChaCha20-Poly1305
> > cipher suites. They have a patch that they apply on top of NSS to implement
> > them. I recently asked a couple of our friends on the Chrome team about
> > contributing that patch to NSS proper. Apparently, the implementation of
> > those cipher suites diverges from the current or some expected future draft
> > of the IETF specification. Consequently, it isn't clear that it is a good
> > idea to drop that patch into NSS as-is. And, if we modify the patch to
> > match the current/future IETF documents then Firefox wouldn't be able to
> > interoperate with *.google.com using ChaCha20-Poly1305.
>
> The current IETF draft even has the magic numbers already assigned and
> no longer in the "TBD" state, which makes it look pretty close to
> final.

It is not, and in fact it has been superseded by an improved but
incompatible design [0]. It was wrong to have numbers assigned in an
experimental ciphersuite.

[0]. http://tools.ietf.org/html/draft-nir-cfrg-chacha20-poly1305-04

> How does the IETF spec diverge from Chrome? Why does it diverge?
> Is it
> serious (as in: does agl think the spec should indeed change despite
> having participated in shipping an implementation?) or bikeshedding
> (as in: is it about the IETF group making its mark?)?

As any standards-track protocol, it receives input from various sources
before it finalizes. The first proposal is rarely the final one (see for
example TLS 1.0 which is different to SSL 3.0). As I have followed the
discussion in CFRG (this is the group defining the cipher), the
improvements are significant and far from bike shedding. My guess is
that IETF (i.e., TLS WG) will follow the CFRG document [1] if this
cipher is defined for TLS.

[1]. http://tools.ietf.org/html/draft-mavrogiannopoulos-chacha-tls-02

regards,
Nikos