Closed: soatok closed this 1 year ago
To fork this proposal in a way that's interoperable (in the "I don't know the algorithm for this message" graceful failure manner), a versioning scheme must be part of the eventual specification. (Also, non-US governments may have their own cipher suite requirements, so it's not all about NIST/CNSA.)
Indeed, versioning is already planned for the design. That's how I intend to support post-quantum cryptography in the near future, without having to block the proposal on NIST's work with PQC.
From Security Goals:
- Protocol Lucidity. All encrypted messages will be bound to a given context, to avoid Confused Deputy attacks. We will use versioned protocols instead of in-band negotiation, to avoid Algorithm Confusion attacks.
If you want to fork this proposal to sell to a government, you're more than welcome to use AES and other algorithms instead of ChaCha20.
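The "versioned protocols instead of in-band negotiation" point above, as an added example that is not the proposal's code or message format. The version tags, the two (symmetric-MAC-only) suites behind them, and every name here are hypothetical and stand in for whatever the specification eventually fixes. The structure is what matters: the first byte names a version, each version maps to exactly one fixed suite, the version byte and the caller's context string are both bound under the authentication tag, and an unknown version fails closed with a distinct error rather than being "negotiated". There is no `alg` field inside the message for a receiver to honour.

```python
import hashlib
import hmac

# Hypothetical version tags (not the proposal's real values). Each maps to ONE
# fixed suite; a receiver never reads an algorithm name out of the message.
VERSIONS = {
    b"\x01": hashlib.sha256,  # "v1": HMAC-SHA256, 32-byte tag
    b"\x02": hashlib.sha512,  # "v2": HMAC-SHA512, 64-byte tag (a later revision)
}


class UnknownVersion(ValueError):
    """Graceful failure: 'I don't know the algorithm for this message'."""


class InvalidMessage(ValueError):
    """Tag mismatch: tampered version byte, tampered payload, or wrong context."""


def _field(b: bytes) -> bytes:
    # Length-prefix every variable-length field so the boundary between
    # context and payload is unambiguous (no canonicalization attacks).
    return len(b).to_bytes(4, "big") + b


def _tag(version: bytes, key: bytes, context: bytes, payload: bytes) -> bytes:
    # The version byte is part of the MACed data, so it cannot be swapped
    # to point the receiver at a different suite after the fact.
    data = version + _field(context) + _field(payload)
    return hmac.new(key, data, VERSIONS[version]).digest()


def seal(version: bytes, key: bytes, context: bytes, payload: bytes) -> bytes:
    """Return version || payload || tag for a version this code knows."""
    if version not in VERSIONS:
        raise UnknownVersion(version)
    return version + payload + _tag(version, key, context, payload)


def open_message(key: bytes, context: bytes, message: bytes) -> bytes:
    """Verify a sealed message under the caller's context and return its payload."""
    if not message:
        raise InvalidMessage("empty message")
    version, rest = message[:1], message[1:]
    if version not in VERSIONS:
        # Fail closed before touching any cryptography: this receiver simply
        # does not implement that version. A fork with its own suites would
        # register its own tags here rather than add an in-band alg field.
        raise UnknownVersion(version)
    tag_len = VERSIONS[version]().digest_size  # fixed by the version, not the message
    if len(rest) < tag_len:
        raise InvalidMessage("truncated message")
    payload, tag = rest[:-tag_len], rest[-tag_len:]
    expected = _tag(version, key, context, payload)
    if not hmac.compare_digest(tag, expected):
        raise InvalidMessage("authentication failed")
    return payload


if __name__ == "__main__":
    key = bytes(32)  # constructed test key; never use an all-zero key for real
    sealed = seal(b"\x01", key, b"example:chat", b"hello")
    print(open_message(key, b"example:chat", sealed))
```

Two things to notice when reading this against the security goals quoted above. First, the same message verified under `b"example:mail"` instead of `b"example:chat"` fails, which is the context binding that closes the Confused Deputy case. Second, rewriting the leading byte of a v2 message to `\x01` does not "downgrade" it: the receiver recomputes a v1 tag over what it now believes is the payload, the tag does not match, and the message is rejected; a byte that names no version is rejected earlier still, without any key material being used.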