Re: [Tls-reg-review] Continue to use the one-byte registry for TLSHashAlgorithm identifier

"Salz, Rich" <rsalz@akamai.com> Mon, 17 January 2022 15:23 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: "Joe Clarke (jclarke)" <jclarke=40cisco.com@dmarc.ietf.org>, "tls-reg-review@ietf.org" <tls-reg-review@ietf.org>
CC: Ken Vaughn <kvaughn@trevilon.com>
Date: Mon, 17 Jan 2022 15:23:39 +0000
Message-ID: <78AC401B-40FE-4BAE-B488-108B2D28EFFA@akamai.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls-reg-review/GkMDK4SW7JYOq3wfMMBs1AKOlaw>

I don’t believe this is a decision for the experts to make, but rather must be a TLS WG decision.


From: "Joe Clarke (jclarke)" <jclarke=40cisco.com@dmarc.ietf.org>
Date: Sunday, January 16, 2022 at 2:06 PM
To: "tls-reg-review@ietf.org" <tls-reg-review@ietf.org>
Cc: Ken Vaughn <kvaughn@trevilon.com>
Subject: [Tls-reg-review] Continue to use the one-byte registry for TLSHashAlgorithm identifier

Hello, experts.  Opsawg has adopted work to add (D)TLS 1.3 support for SNMP.  One of the pending items in the draft is to see if the one-byte hash registry at https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-18 can continue to be used for the TLSHashAlgorithm identifier?

I know RFC8447 stipulates that this registry is for TLS versions prior to 1.3 whereas TLS 1.3 should use the two-byte SignatureScheme.  However, the current SNMP-TLS-TM-MIB defines the fingerprint to be a one-byte hash identifier.  If we can continue to assign hashes one-byte identifiers, this would greatly simplify the currently proposed work.  And there does seem to be quite a bit of space left in the TLS HashAlgorithm registry.

Any expert insight you can provide would be appreciated.

Joe
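The format under discussion, as an added example that is not part of either message or of the SNMP-TLS-TM-MIB draft: a SnmpTLSFingerprint is a single octet holding a TLS HashAlgorithm registry value, followed by the digest of the certificate's DER encoding, so there is exactly one byte of room for the algorithm identifier and a two-byte SignatureScheme code point cannot be substituted without changing the textual convention. The registry values in the table are the ones from the IANA TLS HashAlgorithm registry (md5=1, sha1=2, sha224=3, sha256=4, sha384=5, sha512=6); the certificate bytes are a constructed stand-in, not a real certificate, and the decision to refuse matching on md5/sha1 is the example's own policy, not something the MIB mandates.

```python
import hashlib
import hmac

# One-byte identifiers from the IANA "TLS HashAlgorithm" registry
# (tls-parameters-18). Only values the example is sure of are listed;
# any other first octet is rejected as unknown.
TLS_HASH_ALGORITHM = {
    1: "md5",
    2: "sha1",
    3: "sha224",
    4: "sha256",
    5: "sha384",
    6: "sha512",
}

# Example policy (not from the MIB): identifiers that parse but are never
# accepted for matching, so a configured fingerprint cannot downgrade the check.
WEAK_HASHES = {"md5", "sha1"}

# Constructed placeholder standing in for a DER-encoded X.509 certificate.
CONSTRUCTED_CERT_DER = bytes.fromhex("308201223081cba003020102020101") + b"\x00" * 40


def make_fingerprint(cert_der: bytes, hash_id: int = 4) -> bytes:
    """Build a SnmpTLSFingerprint: one-octet hash identifier + digest of the DER cert."""
    try:
        name = TLS_HASH_ALGORITHM[hash_id]
    except KeyError:
        raise ValueError(f"unknown TLS HashAlgorithm identifier {hash_id}")
    return bytes([hash_id]) + hashlib.new(name, cert_der).digest()


def parse_fingerprint(fp: bytes) -> tuple:
    """Split a SnmpTLSFingerprint into (hash name, digest).

    Rejects unknown identifiers and digests whose length does not match the
    algorithm, which catches truncated or mis-pasted fingerprints before they
    are compared against anything.
    """
    if len(fp) < 2:
        raise ValueError("fingerprint too short")
    hash_id, digest = fp[0], fp[1:]
    name = TLS_HASH_ALGORITHM.get(hash_id)
    if name is None:
        raise ValueError(f"unknown TLS HashAlgorithm identifier {hash_id}")
    expected = hashlib.new(name).digest_size
    if len(digest) != expected:
        raise ValueError(f"{name} digest must be {expected} octets, got {len(digest)}")
    return name, digest


def fingerprint_matches(fp: bytes, cert_der: bytes) -> bool:
    """Return True if the stored fingerprint matches the presented certificate."""
    name, digest = parse_fingerprint(fp)
    if name in WEAK_HASHES:
        return False
    actual = hashlib.new(name, cert_der).digest()
    # Constant-time comparison so a mismatch does not leak the digest prefix.
    return hmac.compare_digest(actual, digest)


if __name__ == "__main__":
    fp = make_fingerprint(CONSTRUCTED_CERT_DER)
    print("fingerprint:", fp.hex())
    print("matches:", fingerprint_matches(fp, CONSTRUCTED_CERT_DER))
```

Because the identifier is the first octet of the same OCTET STRING as the digest, the length check in `parse_fingerprint` is what ties the two halves together: a one-byte identifier that is not in the registry, or a digest of the wrong size for it, is rejected before any comparison is attempted.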