IETF Logo Mail Archive

Re: [Tls-reg-review] [IANA #1135278] Re: Request to register value in TLS bar registry (tls-parameters)

Смышляев Станислав Витальевич <svs@cryptopro.ru> Sat, 02 February 2019 07:20 UTC

Return-Path: <svs@cryptopro.ru>
X-Original-To: tls-reg-review@ietfa.amsl.com
Delivered-To: tls-reg-review@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3CC06130EB8 for <tls-reg-review@ietfa.amsl.com>; Fri, 1 Feb 2019 23:20:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.921
X-Spam-Level:
X-Spam-Status: No, score=-0.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FROM_EXCESS_BASE64=0.979, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zAjHg3kcP4Ru for <tls-reg-review@ietfa.amsl.com>; Fri, 1 Feb 2019 23:20:26 -0800 (PST)
Received: from mx.cryptopro.ru (mx.cryptopro.ru [193.37.157.34]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5F204128766 for <tls-reg-review@ietf.org>; Fri, 1 Feb 2019 23:20:24 -0800 (PST)
Received: from owacp.cp.ru (192.168.68.95) by pegas.cp.ru (192.168.68.231) with Microsoft SMTP Server (TLS) id 14.3.399.0; Sat, 2 Feb 2019 10:20:21 +0300
Received: from lyra.cp.ru (192.168.68.97) by owacp.cp.ru (192.168.68.95) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1591.10; Sat, 2 Feb 2019 10:20:20 +0300
Received: from lyra.cp.ru ([fe80::4bc:f7b8:7a12:90eb]) by lyra.cp.ru ([::1]) with mapi id 15.01.1591.012; Sat, 2 Feb 2019 10:20:20 +0300
From: Смышляев Станислав Вита льевич <svs@cryptopro.ru>
To: Benjamin Kaduk <kaduk@mit.edu>
CC: Yoav Nir <ynir.ietf@gmail.com>, "tls-reg-review@ietf.org" <tls-reg-review@ietf.org>, "geni-cmc@mail.ru" <geni-cmc@mail.ru>, Коллегин Максим Дмитрие вич <kollegin@cryptopro.ru>, Алексеев Евгений Конста нтинович <alekseev@cryptopro.ru>, "iana-prot-param@iana.org" <iana-prot-param@iana.org>, Смышляева Екатерина Сер геевна <ess@cryptopro.ru>, Белявский Дмитрий <beldmit@cryptocom.ru>
Thread-Topic: [Tls-reg-review] [IANA #1135278] Re: Request to register value in TLS bar registry (tls-parameters)
Thread-Index: AQHUurBrihAbtKwOok2mnjBpUNwyZ6XMFG/w
Date: Sat, 02 Feb 2019 07:20:20 +0000
Message-ID: <cd3df39535644902bdd0274e177b7a74@cryptopro.ru>
References: <RT-Ticket-1135278@icann.org> <1547039768.320095625@f553.i.mail.ru> <74E19738-0B8D-47EA-A684-A5A70E9BE487@gmail.com> <061D39FF-0538-498E-8485-33B92D6893AF@cryptopro.ru> <0408EA40-18F5-46A0-A5A8-BA667BFD4490@cryptopro.ru> <d665d166418d468c8c24bc45719d7e07@cryptopro.ru> <DA944331-8E53-445A-BB3B-58D1317519DB@gmail.com> <rt-4.4.3-8683-1549049524-638.1135278-37-0@icann.org> <5821D94F-9FFB-42B4-A057-6B61CE90E4A8@gmail.com> <6740F69A-9918-478F-A509-8A61D323EFCA@cryptopro.ru> <20190202043256.GA93251@kduck.mit.edu>
In-Reply-To: <20190202043256.GA93251@kduck.mit.edu>
Accept-Language: ru-RU, en-US
Content-Language: ru-RU
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.84.131]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls-reg-review/D44f-Il-qKU31J9mZRKYn2nttwc>
Subject: Re: [Tls-reg-review] [IANA #1135278] Re: Request to register value in TLS bar registry (tls-parameters)
X-BeenThere: tls-reg-review@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TLS REVIEW <tls-reg-review.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls-reg-review>, <mailto:tls-reg-review-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls-reg-review/>
List-Post: <mailto:tls-reg-review@ietf.org>
List-Help: <mailto:tls-reg-review-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls-reg-review>, <mailto:tls-reg-review-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 02 Feb 2019 07:20:28 -0000

Dear Benjamin,

I haven't seen this SSL_RSA_WITH_3DES_EDE_CBC_MD5 = 0xFF83 in real life myself - found it in https://opensource.apple.com/source/Security/Security-55163.44/libsecurity_ssl/Security/CipherSuite.h?txt. And it is marked as "for SSL 2 cipher kinds which are not specified for SSL 3". So it seems that it's old as hell and may not be worth specifying it. 


P.S.: Regarding particular numbers for GOSTs: I don't think that it will be a real problem if that 0xFF83 goes to a GOST suite defined for TLS 1.2. I just mentioned that, other things being equal, I would prefer {0xFF, 0x89} and {0xFF, 0x88}, since it is used in preliminary implementations - but not in widely available ones yet, so there won't be a huge problem to change to {0xFF, 0x83} and {0xFF, 0x84}.

And {0xFF, 0x85} for TLS_GOSTR341112_256_WITH_28147_CNT_IMIT is actually widely used in Russia, so this particular number is quite important.

Best regards,
Stanislav Smyshlyaev, Ph.D.
CISO, CryptoPro LLC

-----Original Message-----
From: Benjamin Kaduk <kaduk@mit.edu> 
Sent: Saturday, February 2, 2019 7:33 AM
To: Смышляев Станислав Витальевич <svs@cryptopro.ru>
Cc: Yoav Nir <ynir.ietf@gmail.com>; tls-reg-review@ietf.org; geni-cmc@mail.ru; Коллегин Максим Дмитриевич <kollegin@cryptopro.ru>; Алексеев Евгений Константинович <alekseev@cryptopro.ru>; iana-prot-param@iana.org; Смышляева Екатерина Сергеевна <ess@cryptopro.ru>; Белявский Дмитрий <beldmit@cryptocom.ru>
Subject: Re: [Tls-reg-review] [IANA #1135278] Re: Request to register value in TLS bar registry (tls-parameters)

On Fri, Feb 01, 2019 at 09:30:06PM +0000, Смышляев Станислав Витальевич wrote:
>    Dear Yoav, Dear Amanda,
>    Thank you very much for your prompt reply!
> 
>        * The others (TBD7, TBD8, TBD9) are finite field, so they should start
>          at 261.
> 
>    Let me correct you a little here, if you don't mind: these three are also
>    elliptic curve ones (they are defined in RFC 4357 along with finite field
>    ones, but these three are elliptic curves, unlike GOST R 34.10-94
>    parameters, which were finite field ones). So all TBD6-TBD12 should start
>    at 34. 
> 
>      None of these are IETF-endorsed algorithms, so the Recommended column is
>      'N'.  The numbers are fine, but I believe that no specific numbers were
>      requested, so any numbers should be OK.
> 
>      {0xFF, 0x85} for TLS_GOSTR341112_256_WITH_28147_CNT_IMIT
> 
>    is perfect, but another one ({0xFF, 0x83} collides with a privately used
>    (by someone) old SSL_RSA_WITH_3DES_EDE_CBC_MD5. 

Do we know anything more about this private use?  It may be worth writing a brief document noting it and marking it as such in the registry.

-Ben

>    So, if possible, it would be great if you could assign the following
>    numbers, for example:
>    {0xFF, 0x89} to TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC, 
>    {0xFF, 0x88} to TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC,
>    (and 
>    {0xFF, 0x85} for TLS_GOSTR341112_256_WITH_28147_CNT_IMIT, as you have
>    proposed)
>    Of course, "N" in "Recommended" column for all of them. 
>    Thank you very much!
>    Best regards,
>    Stanislav

v2.23.0 | Report a Bug | By Email