draft-ietf-ipsecme-chacha20-poly1305-11.txt | draft-ietf-ipsecme-chacha20-poly1305-12.txt | |||
---|---|---|---|---|
Network Working Group Y. Nir | Network Working Group Y. Nir | |||
Internet-Draft Check Point | Internet-Draft Check Point | |||
Intended status: Standards Track July 7, 2015 | Intended status: Standards Track July 9, 2015 | |||
Expires: January 8, 2016 | Expires: January 10, 2016 | |||
ChaCha20, Poly1305 and their use in IKE & IPsec | ChaCha20, Poly1305 and their use in IKE & IPsec | |||
draft-ietf-ipsecme-chacha20-poly1305-11 | draft-ietf-ipsecme-chacha20-poly1305-12 | |||
Abstract | Abstract | |||
This document describes the use of the ChaCha20 stream cipher along | This document describes the use of the ChaCha20 stream cipher along | |||
with the Poly1305 authenticator, combined into an AEAD algorithm for | with the Poly1305 authenticator, combined into an AEAD algorithm for | |||
the Internet Key Exchange protocol (IKEv2) and for IPsec. | the Internet Key Exchange protocol (IKEv2) and for IPsec. | |||
Status of This Memo | Status of This Memo | |||
This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
skipping to change at page 1, line 32 | skipping to change at page 1, line 32 | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on January 8, 2016. | This Internet-Draft will expire on January 10, 2016. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2015 IETF Trust and the persons identified as the | Copyright (c) 2015 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
skipping to change at page 2, line 26 | skipping to change at page 2, line 26 | |||
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 | 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
8.1. Normative References . . . . . . . . . . . . . . . . . . 7 | 8.1. Normative References . . . . . . . . . . . . . . . . . . 7 | |||
8.2. Informative References . . . . . . . . . . . . . . . . . 7 | 8.2. Informative References . . . . . . . . . . . . . . . . . 7 | |||
Appendix A. ESP Example . . . . . . . . . . . . . . . . . . . . 8 | Appendix A. ESP Example . . . . . . . . . . . . . . . . . . . . 8 | |||
Appendix B. IKEv2 Example . . . . . . . . . . . . . . . . . . . 10 | Appendix B. IKEv2 Example . . . . . . . . . . . . . . . . . . . 10 | |||
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 12 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 12 | |||
1. Introduction | 1. Introduction | |||
The Advanced Encryption Standard (AES - [FIPS-197]) has become the | The Advanced Encryption Standard (AES - [FIPS-197]) has become the | |||
gold standard in encryption. Its efficient design, wide | go-to algorithm for encryption. It is now the most commonly used | |||
implementation, and hardware support allow for high performance in | algorithm in many areas, including IPsec virtual private networks | |||
many areas, including IPsec VPNs. On most modern platforms, AES is | (VPN). On most modern platforms AES is anywhere from 4x to 10x as | |||
anywhere from 4x to 10x as fast as the previous most-used cipher, | fast as the previous popular cipher, 3-key Data Encryption Standard | |||
3-key Data Encryption Standard (3DES - [SP800-67]). 3DES also has a | (3DES - [SP800-67]). 3DES also uses a 64-bit block, which means that | |||
64-bit block, which means that the amount of data that can be | the amount of data that can be encrypted before rekeying is required | |||
encrypted before rekeying is required is not great. These reasons | is limited. These reasons make AES not only the best choice, but the | |||
make AES not only the best choice, but the only choice. | only viable choice for IPsec. | |||
The problem is that if future advances in cryptanalysis reveal a | The problem is that if future advances in cryptanalysis reveal a | |||
weakness in AES, VPN users will be in an unenviable position. With | weakness in AES, VPN users will be in an unenviable position. With | |||
the only other widely supported cipher being the much slower 3DES, it | the only other widely supported cipher for IPsec implementations | |||
is not feasible to re-configure IPsec installations away from AES. | being the much slower 3DES, it is not feasible to re-configure IPsec | |||
[standby-cipher] describes this issue and the need for a standby | installations away from AES. [standby-cipher] describes this issue | |||
cipher in greater detail. | and the need for a standby cipher in greater detail. | |||
This document proposes the fast and secure ChaCha20 stream cipher as | This document proposes the fast and secure ChaCha20 stream cipher as | |||
such a standby cipher in an Authenticated Encryption with Associated | such a standby cipher in an Authenticated Encryption with Associated | |||
Data (AEAD) construction with the Poly1305 authenticator for use with | Data (AEAD) construction with the Poly1305 authenticator for use with | |||
the Encapsulated Security Protocol (ESP - [RFC4303]) and the Internet | the Encapsulated Security Protocol (ESP - [RFC4303]) and the Internet | |||
Key Exchange Protocol (IKEv2 - [RFC7296]). The algorithms are | Key Exchange Protocol (IKEv2 - [RFC7296]). The algorithms are | |||
described in a separate document ([RFC7539]). This document only | described in a separate document ([RFC7539]). This document only | |||
describes the IPsec-specific things. | describes the IPsec-specific things. | |||
1.1. Conventions Used in This Document | 1.1. Conventions Used in This Document | |||
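Review bot: In the rewritten first paragraph of Section 1 (the -12 column), "anywhere from 4x to 10x as fast" is still given without a reference or any qualifier about which platforms or implementations it applies to; either cite a measurement or reduce it to a qualitative statement. In the same paragraph, "IPsec virtual private networks (VPN)" expands a plural but abbreviates a singular, and the next paragraph goes on to say "VPN users", so "(VPNs)" would be consistent. Separately, the unchanged context in the fourth paragraph expands ESP as "Encapsulated Security Protocol"; RFC 4303 defines ESP as the Encapsulating Security Payload, and a revision that already reworks the Introduction is a natural place to correct that in both the name and the abbreviation's first use.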
End of changes. 5 change blocks. | ||||
16 lines changed or deleted | 16 lines changed or added | |||
This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |