BCP for good TLS practices? (Was: Last Call: <draft-elie-nntp-tls-recommendations-01.txt> (Use of Transport Layer Security (TLS) in the Network News Transfer Protocol (NNTP)) to Proposed Standard

Stephane Bortzmeyer <bortzmeyer@nic.fr> Mon, 28 November 2016 20:50 UTC

Return-Path: <bortzmeyer@nic.fr>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C63C312951A; Mon, 28 Nov 2016 12:50:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0eiq30lJKlEI; Mon, 28 Nov 2016 12:50:08 -0800 (PST)
Received: from mail.bortzmeyer.org (aetius.bortzmeyer.org [IPv6:2001:4b98:dc0:41:216:3eff:fece:1902]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 57746129492; Mon, 28 Nov 2016 12:50:04 -0800 (PST)
Received: by mail.bortzmeyer.org (Postfix, from userid 10) id C5C3331C81; Mon, 28 Nov 2016 21:50:01 +0100 (CET)
Received: by godin (Postfix, from userid 1000) id 46DBFEC0B1C; Mon, 28 Nov 2016 21:41:05 +0100 (CET)
Date: Mon, 28 Nov 2016 21:41:05 +0100
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: ietf@ietf.org, draft-elie-nntp-tls-recommendations.all@ietf.org
Subject: BCP for good TLS practices? (Was: Last Call: <draft-elie-nntp-tls-recommendations-01.txt> (Use of Transport Layer Security (TLS) in the Network News Transfer Protocol (NNTP)) to Proposed Standard
Message-ID: <20161128204105.GA28690@laperouse.bortzmeyer.org>
References: <148035153084.5510.13278742493736503746.idtracker@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <148035153084.5510.13278742493736503746.idtracker@ietfa.amsl.com>
X-Transport: UUCP rules
X-Operating-System: Ubuntu 16.04 (xenial)
X-Charlie: Je suis Charlie
User-Agent: Mutt/1.5.24 (2015-08-30)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/sNjCZgvFqdA0fzKARxsFSpZLFM8>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Nov 2016 20:50:10 -0000

On Mon, Nov 28, 2016 at 08:45:30AM -0800,
 The IESG <iesg-secretary@ietf.org> wrote 
 a message of 37 lines which said:

> The IESG has received a request from an individual submitter to consider
> the following document:
> - 'Use of Transport Layer Security (TLS) in??the??Network??News??Transfer
>    Protocol (NNTP)'
>   <draft-elie-nntp-tls-recommendations-01.txt> as Proposed Standard

I've read draft-elie-nntp-tls-recommendations-01.txt, I agree with its
general idea with respect to the old RFC 4642 (moving away from
specific TLS recommendentions to just a reference to established
generic TLS RFCs, RFC 4642 even mandated RC4!), and I think it is
ready to be published on the standards track.

I still have a question about the fact that it references RFC
7525. Since TLS recommandations may change (and certainly will, for
instance because of the progress of cryptanalysis), wouldn't it be
better to use the BCP number 195?

Otherwise, I would drop appendix B. It is useless since we have RFC
2804, and it may even be obsolete (are there still countries with
serious export restrictions on crypto?)