Re: [Tls-reg-review] Question about the TLS cipher suite registry

Adam Foltzer <acfoltzer@fastly.com> Thu, 05 March 2020 02:55 UTC

From: Adam Foltzer <acfoltzer@fastly.com>
Date: Wed, 04 Mar 2020 18:54:47 -0800
Message-ID: <CAB8hvnFzwSXEKo0+OsUWGuK84cvAUCmO6gkfK+BmS0XDTU582w@mail.gmail.com>
To: "Salz, Rich" <rsalz@akamai.com>
Cc: Mark Nottingham <mnot@mnot.net>, "tls-reg-review@ietf.org" <tls-reg-review@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls-reg-review/-XQBP7Wf2ZQUKXT5KDaDV9FCoxY>

> Using the tls-reg-review mail alias so that IANA sees this.


Thank you!


> I don’t know how the csv or XHTML files are maintained.  Looking at
> https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4,
> I see this:
>
>         0xFA,0x00-C9
>
> Unassigned
>

This is the range that immediately precedes the missing range. The
following line is "0xFA,0xFA Reserved", so nothing between 0xFA,0xCA and
0xFA,0xF9 is defined. I initially caught this because the exhaustiveness
check on a Rust pattern match noted that the values didn't cover the whole
range of inputs, so I doubt it's a sorting error either.

Thanks for taking a look!

On Wed, Mar 4, 2020 at 6:37 PM Salz, Rich <rsalz@akamai.com> wrote:

> Using the tls-reg-review mail alias so that IANA sees this.
>
>
>
> I don’t know how the csv or XHTML files are maintained.  Looking at
> https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4,
> I see this:
>
>         0xFA,0x00-C9
>
> Unassigned
>
>
>
> Is that the range you mean?
>
>
>
> *From: *Adam Foltzer <acfoltzer@fastly.com>
> *Date: *Wednesday, March 4, 2020 at 6:58 PM
> *To: *Mark Nottingham <mnot@mnot.net>
> *Cc: *Yoav Nir <ynir.ietf@gmail.com>, Rich Salz <rsalz@akamai.com>, Nick
> Sullivan <nick@cloudflare.com>
> *Subject: *Re: Question about the TLS cipher suite registry
>
>
>
> Thanks, Mark!
>
>
>
> Hi everyone,
>
>
>
> I was working with the CSV of the cipher suite registry (
> https://www.iana.org/assignments/tls-parameters/tls-parameters-4.csv)
> and noticed that the value range 0xFA,0xCA-F9 is missing both from the CSV
> and the XHTML table. As far as I can tell, this is the only missing range.
>
>
>
> I wanted to bring this to your attention, as well as ask whether it'd be
> correct to treat these values as Unassigned for the time being.
>
>
>
> Thank you!
>
>
>
> Adam
>
>
>
> On Wed, Mar 4, 2020 at 3:38 PM Mark Nottingham <mnot@mnot.net> wrote:
>
> Gents,
>
> One of my colleagues, Adam (CC:ed) has a question about the TLS cipher
> suite registry.
>
> Over to you, Adam!
>
> Cheers,
>
> --
> Mark Nottingham   https://www.mnot.net/
>
>
>
>
> --
>
> Adam C. Foltzer | Senior Software Engineer
> fastly.com | @fastly
>


-- 
Adam C. Foltzer | Senior Software Engineer
fastly.com | @fastly
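
The kind of gap discussed in this thread can also be found at runtime by checking that consecutive registry rows leave no code point uncovered. This is an added example, not code from the thread or from any participant; `parse_value` and `find_gaps` are hypothetical names, only the two value syntaxes quoted above are handled, and the sample rows are constructed from those quoted rows.

```rust
/// Parse a Value cell ("0xHH,0xHH" or "0xHH,0xLL-HH") into an inclusive
/// range of 16-bit code points. Returns None for any other syntax.
fn parse_value(cell: &str) -> Option<(u16, u16)> {
    let (hi, lo) = cell.trim().split_once(',')?;
    let hi = u8::from_str_radix(hi.trim().strip_prefix("0x")?, 16).ok()?;
    let lo = lo.trim().strip_prefix("0x")?;
    let (start, end) = match lo.split_once('-') {
        Some((s, e)) => (u8::from_str_radix(s, 16).ok()?, u8::from_str_radix(e, 16).ok()?),
        None => {
            let v = u8::from_str_radix(lo, 16).ok()?;
            (v, v)
        }
    };
    if start > end {
        return None; // reversed range, treat as malformed
    }
    Some((u16::from_be_bytes([hi, start]), u16::from_be_bytes([hi, end])))
}

/// Return every inclusive gap between the lowest and highest code point
/// covered by `cells`. Fails with the offending cell if one cannot be parsed,
/// so a malformed row is never silently treated as "covered".
fn find_gaps(cells: &[&str]) -> Result<Vec<(u16, u16)>, String> {
    let mut ranges = Vec::new();
    for c in cells {
        ranges.push(parse_value(c).ok_or_else(|| format!("unparseable value: {}", c))?);
    }
    ranges.sort();
    let mut gaps = Vec::new();
    let mut covered_to: Option<u16> = None; // highest code point covered so far
    for (start, end) in ranges {
        if let Some(prev) = covered_to {
            if start > prev && start - prev > 1 {
                gaps.push((prev + 1, start - 1));
            }
        }
        covered_to = Some(covered_to.map_or(end, |p| p.max(end)));
    }
    Ok(gaps)
}

fn main() {
    // Constructed sample: the two rows quoted in the thread.
    let rows = ["0xFA,0x00-C9", "0xFA,0xFA"];
    for (a, b) in find_gaps(&rows).unwrap() {
        println!("uncovered: 0x{:02X},0x{:02X} - 0x{:02X},0x{:02X}", a >> 8, a & 0xFF, b >> 8, b & 0xFF);
    }
}
```
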