The IESG has approved the following document: - 'ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS)' (draft-ietf-tls-chacha20-poly1305-04.txt) as Proposed Standard This document is the product of the Transport Layer Security Working Group. The IESG contact persons are Stephen Farrell and Kathleen Moriarty. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-tls-chacha20-poly1305/ 1. Summary This draft specifies seven (7) chacha20-poly1305 ciphers that can be used with TLS and DTLS. This is the â??how to do chacha20-poly1305 with TLSâ?? draft, where chacha20-poly1305 is defined in RFC 7539. These cipher suites are intended to be a back up to the AES-based suites in case of compromise. As far as where you should point your fingers: - Sean Turner is the document shepherd, and; - Stephen Farrell is the responsible Area Director. 2. Review and Consensus Thereâ??s probably on the order of 100 messages about this draft, and that shouldnâ??t come as a surprise because this draft is really just specifying IANA code points. The real fireworks were on the CFRG list, and we thank them for taking that bullet(s). The cipher suites proposed in the individual draft were modified based on WG input. There were two WGLCs for this draft; the first didnâ??t generate the expected amount of review so a second WGLC was issued that did. There was a debate as to whether the PRF digest should be changed to SHA-512 from SHA-256, but there was no consensus to make this change. 3. Intellectual Property All disclosed as confirmed by the authors on 20160310. 4. Other Points: IANA has already assigned the cipher suites and we thank them. These algorithms are expected to be very widely implemented due their high performance in software implementations. Itâ??s currently in the deployed branches of BoringSSL GnuTLS, OpenSSL, and others. RFC Editor Note 1) Please add the following to the end of the abstract: "This document updates RFCs 5246 and 6347." 2) Please add a normative reference for SHA256 at the end of section 3, thusly... OLD: The pseudorandom function (PRF) for all the cipher suites defined in this document is the TLS PRF with SHA-256 as the hash function. NEW: The pseudorandom function (PRF) for all the cipher suites defined in this document is the TLS PRF with SHA-256 [FIPS 180-4] as the hash function. The reference to add to section 6.1 is: [FIPS 180-4] Federal Information Processing Standards Publication (FIPS PUB) 180-4, Secure Hash Standard (SHS), August 2015.
