4 Mar
2014
4 Mar
'14
2:23 p.m.
Hi,
On Tue, 4 Mar 2014 15:07:03 +0100 Nikos Mavrogiannopoulos n.mavrogiannopoulos@gmail.com wrote:
It has not been approved yet, but the latest TLS proposal for chacha is with 96-bit nonces and there is no plan to change. So at least for gnutls only the 96-bit nonce version is relevant.
I did propose using XChaCha (similar to XSalsa20) to support larger nonces (especially the AEAD recommended 96-bit length), and sticking with plain ChaCha for 64-bit nonces (and allowing them):
http://www.ietf.org/mail-archive/web/cfrg/current/msg04310.html
There should have been a CFRG meeting yesterday, and perhaps it was discussed, but I didn't get any feedback on it yet. If anyone (Nikos?) can report on that I'd be glad to hear about it :)
regards, Stefan