This draft specifies seven (7) chacha20-poly1305 ciphers that can be used with TLS and DTLS. This is the “how to do chacha20-poly1305 with TLS” draft, where chacha20-poly1305 is defined in RFC 7539. These cipher suites are intended to be a backup to the AES-based suites in case of compromise.
As far as where you should point your fingers:
- Sean Turner is the document shepherd; and
- Stephen Farrell is the responsible Area Director.
2. Review and Consensus
There’s probably on the order of 100 messages about this draft, and that shouldn’t come as a surprise because this draft is really just specifying IANA code points. The real fireworks were on the CFRG list, and we thank them for taking that bullet(s). The cipher suites proposed in the individual draft were modified based on WG input. There were two WGLCs for this draft; the first didn’t generate the expected amount of review so a second WGLC was issued that did. There was a debate as to whether the PRF digest should be changed to SHA-512 from SHA-256, but there was no consensus to make this change.
3. Intellectual Property
All disclosed as confirmed by the authors on 20160310.
4. Other Points:
IANA has already assigned the cipher suites and we thank them.
These algorithms are expected to be very widely implemented due to their high performance in software implementations. They are currently in the deployed branches of BoringSSL, GnuTLS, OpenSSL, and others.