[Dime] Obsolete TLS wording in Diameter protocol

Julien ÉLIE <julien@trigofacile.com> Mon, 09 January 2017 13:46 UTC

To: dime@ietf.org
From: Julien ÉLIE <julien@trigofacile.com>
Organization: TrigoFACILE -- http://www.trigofacile.com/
Message-ID: <3f911981-962e-3a60-9fa5-a20ee1bb30fa@trigofacile.com>
Date: Mon, 9 Jan 2017 14:46:39 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/dime/vmKCrkXJ0cS3lPxVEvoIaLvymRQ>

Hi all,

The Diameter specification (RFC 6733) mentions in Section 13.1 that the 
TLS_RSA_WITH_RC4_128_MD5 and TLS_RSA_WITH_RC4_128_SHA cipher suites are 
required ("Diameter nodes MUST be able to negotiate [them]"), and 
Section 5.2 does not give the latest recommendations for certificate validation.

Shouldn't it be updated in favour of following RFC 7525 (BCP for TLS) 
and RFC 6125 (guideline for certificate validation)?

-- 
Julien ÉLIE

« The following two statements are usually both true:
   There's not enough documentation.
   There's too much documentation. » (Larry Wall)
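Added example, not part of the original message or of the Diameter specifications: a small Python audit that applies the RFC 7525 cipher-suite rules to IANA suite names, so that the two RC4 suites RFC 6733 makes mandatory come out as "MUST NOT", next to a client SSLContext built the way RFC 7525 and RFC 6125 suggest (TLS 1.2 minimum, forward-secret AEAD suites only, mandatory certificate verification with a hostname check). The list of "other" sample suites is constructed for the illustration; the 3DES and static-RSA classifications follow my reading of RFC 7525 section 4.1 (below 128 bits and RSA key transport are SHOULD NOT), and the anonymous-DH rule is local policy rather than a citation. The OpenSSL cipher string and the Python `ssl` API are standard; the reference-implementation check uses only `name` and `strength_bits` from `SSLContext.get_ciphers()`.

```python
"""Audit TLS cipher-suite names against RFC 7525 and build a hardened client context."""
import ssl
from typing import Dict, Iterable, List, Optional

# The two suites RFC 6733 section 13.1 says Diameter nodes MUST be able to negotiate.
RFC6733_MANDATORY_RC4 = (
    "TLS_RSA_WITH_RC4_128_MD5",
    "TLS_RSA_WITH_RC4_128_SHA",
)

# The four suites RFC 7525 section 4.2 recommends (forward secrecy, AEAD).
RFC7525_RECOMMENDED = (
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
)

# Constructed sample input for the audit, not taken from any specification.
SAMPLE_SUITES = RFC6733_MANDATORY_RC4 + RFC7525_RECOMMENDED + (
    "TLS_RSA_WITH_NULL_SHA",
    "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
)


def rfc7525_verdict(suite: str) -> str:
    """Classify an IANA cipher-suite name as 'MUST NOT', 'SHOULD NOT' or 'ok'.

    Rules, in the order they are checked, from RFC 7525 section 4.1:
    NULL encryption, RC4 and anything under 112 bits (export, single DES) are
    MUST NOT; under 128 bits (3DES) and static RSA key transport are SHOULD NOT.
    Anonymous suites are flagged MUST NOT as local policy (nobody is authenticated).
    """
    s = suite.upper()
    if "WITH_NULL" in s:
        return "MUST NOT"          # no confidentiality at all
    if "RC4" in s:
        return "MUST NOT"          # RC4 is explicitly prohibited
    if "EXPORT" in s or "_DES_" in s or "_DES40_" in s:
        return "MUST NOT"          # 40/56-bit: below 112 bits of security
    if "_ANON_" in s:
        return "MUST NOT"          # local policy, not an RFC 7525 citation
    if "3DES" in s:
        return "SHOULD NOT"        # 112-bit effective: below 128 bits
    if s.startswith("TLS_RSA_WITH_"):
        return "SHOULD NOT"        # static RSA key transport, no forward secrecy
    return "ok"


def audit(suites: Iterable[str]) -> Dict[str, str]:
    """Map every suite name to its RFC 7525 verdict."""
    return {s: rfc7525_verdict(s) for s in suites}


def hardened_client_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Client context following RFC 7525 (versions, suites) and RFC 6125 (identity)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # SSL 2/3 MUST NOT, TLS 1.0/1.1 SHOULD NOT
    ctx.verify_mode = ssl.CERT_REQUIRED            # peer certificate is mandatory
    ctx.check_hostname = True                      # RFC 6125-style name matching by OpenSSL
    # Forward-secret AEAD suites only; everything RFC 7525 forbids is excluded by name.
    ctx.set_ciphers("ECDHE+AESGCM:DHE+AESGCM:!aNULL:!eNULL:!RC4:!3DES:!EXPORT:!MD5")
    if cafile:
        ctx.load_verify_locations(cafile)          # trust anchors for the Diameter peer
    return ctx


def context_violations(ctx: ssl.SSLContext) -> List[str]:
    """OpenSSL names of enabled suites that still use RC4 or under 128 bits."""
    bad = []
    for c in ctx.get_ciphers():
        if "RC4" in c["name"] or c.get("strength_bits", 0) < 128:
            bad.append(c["name"])
    return bad


if __name__ == "__main__":
    for suite, verdict in audit(SAMPLE_SUITES).items():
        print(f"{verdict:10s} {suite}")
    print("violations in hardened context:", context_violations(hardened_client_context()))
```

Running the block prints "MUST NOT" for both RFC 6733 RC4 suites and "ok" for the four RFC 7525 suites; the hardened context reports no violations. Note that `set_ciphers` only governs TLS 1.2 and earlier: TLS 1.3 suites are all AEAD and are selected separately by OpenSSL.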