Re: [Dime] RFC3588bis cipher suite question

Glen Zorn <glenzorn@gmail.com> Sat, 21 July 2012 03:42 UTC

From: Glen Zorn <glenzorn@gmail.com>
To: dime@ietf.org
Organization: Network Zen
Date: Sat, 21 Jul 2012 10:43:21 +0700

On Fri, 2012-07-20 at 16:11 +0300, jouni korhonen wrote:


> Any comments/views on this?


Yes.


> 
> - Jouni
> 
> 
> On Jun 21, 2012, at 2:17 PM, jouni korhonen wrote:
> 
> > Folks,
> > 
> > In Section 13.1 we have the following text:
> > 
> >   Diameter nodes MUST be able to negotiate the following TLS/TCP and
> >   DTLS/SCTP cipher suites:
> > 
> >         TLS_RSA_WITH_RC4_128_MD5
> >         TLS_RSA_WITH_RC4_128_SHA
> >         TLS_RSA_WITH_3DES_EDE_CBC_SHA
> > 
> >   Diameter nodes SHOULD be able to negotiate the following TLS/TCP and
> >   DTLS/SCTP cipher suite:
> > 
> >         TLS_RSA_WITH_AES_128_CBC_SHA
> > 
> >   Note that that it is quite possible that support for the
> >   TLS_RSA_WITH_AES_128_CBC_SHA ciphersuite will be REQUIRED at some
> >   future date.  Diameter nodes MAY negotiate other TLS/TCP and DTLS/
> >   SCTP cipher suites.
> > 
> > I know this is a bit late in the pipe but.. but RFC6347 (DTLS v1.2) has
> > the following statement:
> > 
> >   The only stream cipher described in TLS 1.2 is RC4, which cannot be
> >   randomly accessed.  RC4 MUST NOT be used with DTLS.
> > 
> > That does not go too well with the RFC3588bis MUST for RC4 stream ciphers.
> > 
> > Also RFC5246 states:
> > 
> >   In the absence of an application profile standard specifying
> >   otherwise, a TLS-compliant application MUST implement the cipher
> >   suite TLS_RSA_WITH_AES_128_CBC_SHA..
> > 
> > Can we understand that the current text in RFC3588bis serves as the
> > profile and the SHOULD there is then OK from the RFC5246 point of
> > view?


Yes.


> > 
> > - Jouni
> _______________________________________________
> DiME mailing list
> DiME@ietf.org
> https://www.ietf.org/mailman/listinfo/dime
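
The conflict raised in the quoted question can be checked mechanically. The following is an added example, not part of the thread or of any RFC text: it parses the Section 13.1 suite names and applies the RFC 6347 rule quoted above per transport. The cipher classification tables and function names are assumptions of the example, and the parser generalizes to other `TLS_*_WITH_*` names beyond the four quoted.

```python
import re

# Bulk-cipher classification used by this example (an assumption of the
# example, not a dump of the IANA registry).
STREAM = {"RC4_40", "RC4_128"}
BLOCK = {"3DES_EDE_CBC", "AES_128_CBC", "AES_256_CBC"}

# Section 13.1 profile as quoted in the thread: suite -> requirement level.
PROFILE = {
    "TLS_RSA_WITH_RC4_128_MD5": "MUST",
    "TLS_RSA_WITH_RC4_128_SHA": "MUST",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": "MUST",
    "TLS_RSA_WITH_AES_128_CBC_SHA": "SHOULD",
}

def parse_suite(name):
    """Split TLS_<kx>_WITH_<cipher>_<mac> into (kx, cipher, mac)."""
    m = re.fullmatch(r"TLS_(\w+?)_WITH_(\w+)_(MD5|SHA\d*)", name)
    if not m:
        raise ValueError(f"unrecognised suite name: {name}")
    return m.groups()

def audit(profile, transport):
    """Return (suite, finding) pairs for 'TLS/TCP' or 'DTLS/SCTP'."""
    findings = []
    for suite, level in profile.items():
        _, cipher, _ = parse_suite(suite)
        if cipher not in STREAM | BLOCK:
            findings.append((suite, "unknown bulk cipher, review manually"))
        elif transport == "DTLS/SCTP" and cipher in STREAM:
            # RFC 6347: RC4 cannot be randomly accessed, MUST NOT be used.
            findings.append(
                (suite, f"{level} conflicts with RFC 6347 (stream cipher over DTLS)"))
    return findings

def usable_mandatory(profile, transport):
    """Mandatory-to-implement suites that remain usable on the transport."""
    flagged = {suite for suite, _ in audit(profile, transport)}
    return [s for s, lvl in profile.items() if lvl == "MUST" and s not in flagged]

if __name__ == "__main__":
    for transport in ("TLS/TCP", "DTLS/SCTP"):
        print(transport, "mandatory and usable:", usable_mandatory(PROFILE, transport))
        for suite, finding in audit(PROFILE, transport):
            print("  ", suite, "->", finding)
```
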