Re: [Dime] Obsolete TLS wording in Diameter protocol

<lionel.morand@orange.com> Mon, 09 January 2017 14:59 UTC

From: lionel.morand@orange.com
To: Julien ÉLIE <julien@trigofacile.com>, "dime@ietf.org" <dime@ietf.org>
Date: Mon, 09 Jan 2017 14:59:29 +0000
Message-ID: <4987_1483973970_5873A552_4987_327_1_6B7134B31289DC4FAF731D844122B36E0BFDC80F@OPEXCLILM43.corporate.adroot.infra.ftgroup>
References: <3f911981-962e-3a60-9fa5-a20ee1bb30fa@trigofacile.com>
In-Reply-To: <3f911981-962e-3a60-9fa5-a20ee1bb30fa@trigofacile.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dime/K42XZcCJUgz7zKYqlBOEAmqnuCU>
Subject: Re: [Dime] Obsolete TLS wording in Diameter protocol

Hi Julien,

The first point on cipher suites has already been raised. The prohibition of the use of RC4-based cipher suites (RFC 7465) came after the publication of RFC 6733. But RFC 7465 is anyway an update of RFC 5246, which is a normative reference in RFC 6733. So anyone implementing TLS should be aware of this update. There is no need for an errata report, but it will be covered in a future update of RFC 6733, if any.

For RFC 6125, it is first worthwhile to mention that RFC 6733 indicates that, for the time being, there are no Diameter server Certification Authorities. However, RFC 5280 is given as a normative reference, and this one is not superseded by RFC 6125 so far. And RFC 6125 could also be seen as orthogonal to the implementation of the Diameter base protocol. It could be part of an update if there were a real need to clarify something left outside of RFC 5280.

At least, it is my current understanding.
I hope that it clarifies your concerns.

Regards,

Lionel

> -----Original Message-----
> From: DiME [mailto:dime-bounces@ietf.org] On Behalf Of Julien ÉLIE
> Sent: Monday 9 January 2017 14:47
> To: dime@ietf.org
> Subject: [Dime] Obsolete TLS wording in Diameter protocol
> 
> Hi all,
> 
> The Diameter specification (RFC 6733) mentions in Section 13.1 that the
> TLS_RSA_WITH_RC4_128_MD5 and TLS_RSA_WITH_RC4_128_SHA cipher suites
> are required ("Diameter nodes MUST be able to negotiate [them]"), and Section
> 5.2 does not give latest recommendations for certificate validation.
> 
> Shouldn't it be updated in favour of following RFC 7525 (BCP for TLS) and RFC
> 6125 (guideline for certificate validation)?
> 
> --
> Julien ÉLIE
> 
> « The following two statements are usually both true:
>    There's not enough documentation.
>    There's too much documentation. » (Larry Wall)

_________________________________________________________________________________________________________________________

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.
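As an added illustration (not code from either poster or from any Diameter implementation) of the point this thread turns on, the following script audits a Diameter node's configured TLS cipher suite list against the rules the thread cites: RFC 7465 (RC4 prohibited), RFC 7525 Section 4.1 (NULL and export-grade prohibited, static RSA key transport discouraged). The configured list is constructed here and starts with the two suites RFC 6733 Section 13.1 names; the function and regex names are this example's own.

```python
import re

# The two suites RFC 6733 Section 13.1 requires Diameter nodes to negotiate
# (as quoted in the thread), plus constructed extras to exercise each rule.
RFC6733_SUITES = ["TLS_RSA_WITH_RC4_128_MD5", "TLS_RSA_WITH_RC4_128_SHA"]
SAMPLE_CONFIG = RFC6733_SUITES + [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_NULL_SHA",
    "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
]

# IANA naming for TLS 1.2 and earlier: TLS_<key exchange>_WITH_<cipher>_<mac>.
# TLS 1.3 names (no "_WITH_") deliberately fall through as UNKNOWN.
_NAME = re.compile(r"^TLS_(?P<kx>.+?)_WITH_(?P<cipher>.+)_(?P<mac>MD5|SHA|SHA256|SHA384)$")

def classify(suite):
    """Return (verdict, reason) for one cipher suite name.
    MUST NOT: RC4 (RFC 7465), NULL encryption and export/<112-bit (RFC 7525 4.1).
    SHOULD NOT: static RSA key transport, which lacks forward secrecy (RFC 7525 4.1).
    OK: none of the above rules fired."""
    m = _NAME.match(suite)
    if not m:
        return ("UNKNOWN", "name does not follow TLS_<kx>_WITH_<cipher>_<mac>")
    kx, cipher = m.group("kx"), m.group("cipher")
    if "RC4" in cipher:
        return ("MUST NOT", "RC4 cipher suites are prohibited by RFC 7465")
    if cipher.startswith("NULL"):
        return ("MUST NOT", "NULL encryption is prohibited by RFC 7525 Section 4.1")
    if "EXPORT" in kx or "DES40" in cipher or ("DES_" in cipher and "3DES" not in cipher):
        return ("MUST NOT", "export-grade / <112-bit security is prohibited by RFC 7525 Section 4.1")
    if kx == "RSA":
        return ("SHOULD NOT", "static RSA key transport gives no forward secrecy (RFC 7525 Section 4.1)")
    return ("OK", "")

def audit(suites):
    """Map each configured suite to its verdict, e.g. as a pre-deployment config check."""
    return {s: classify(s) for s in suites}

if __name__ == "__main__":
    for suite, (verdict, reason) in audit(SAMPLE_CONFIG).items():
        print(f"{verdict:10} {suite}  {reason}")
```

Run against the list above, both RFC 6733 suites come back MUST NOT, which is the gap Julien's message points at and Lionel attributes to RFC 7465 post-dating RFC 6733.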