Re: [Tls-reg-review] [IANA #1135278] Re: Request to register value in TLS bar registry (tls-parameters)

Yoav Nir <ynir.ietf@gmail.com> Fri, 01 February 2019 19:50 UTC

From: Yoav Nir <ynir.ietf@gmail.com>
Date: Fri, 01 Feb 2019 21:50:41 +0200
To: iana-prot-param@iana.org
Cc: tls-reg-review@ietf.org, svs@cryptopro.ru, kollegin@cryptopro.ru, geni-cmc@mail.ru, ess@cryptopro.ru, beldmit@cryptocom.ru, alekseev@cryptopro.ru
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls-reg-review/WvJJ5LB2bmNuPbXxl9bUqyV8G2k>

Hi, Amanda.  Inline.

Authors: please check my answers, especially about the supported groups.

> On 1 Feb 2019, at 21:32, Amanda Baber via RT <iana-prot-param@iana.org> wrote:
> 
> Hi Yoav,
> 
> We have questions about these registrations:
> 
> 1) Do you want us to make all of the registrations in the IANA Considerations section, or is this request just referring to the TLS Cipher Suites?

[YN] - all of it

> 2) Which values are we assigning to the TLS Cipher Suites? Are we assigning {0xFF, 0x83} to TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC, {0xFF, 0x84} to TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC, and {0xFF, 0x85} for TLS_GOSTR341112_256_WITH_28147_CNT_IMIT? Also, is the value of the "Recommended" column "N"?

None of these are IETF-endorsed algorithms, so the Recommended column is ’N’.  The numbers are fine, but I believe that no specific numbers were requested, so any numbers should be OK.

> 3) For the TLS SignatureAlgorithm registrations, can you confirm that we should start from value 64, the beginning of the Specification Required range? (Also because the values are marked "Reserved" rather than "Unassigned," is it possible to make registrations here without an approved document? Is "Reserved," which in RFC 8126 means "unavailable for assignment," meant to indicate availability here, as it sometimes did for older registries?)

Yes, starting at 64 is fine.

> 4) For the TLS Supported Groups registrations, should we start from value 34, 261, 512, or 65283?

That’s a little complex.  Authors, please check that I am correct here:
GC256A (TBD6), GC512A (TBD10), GC512B (TBD11), and GC512C (TBD12) are elliptic curve, so they should start at 34.
The others (TBD7, TBD8, TBD9) are finite field, so they should start at 261.

> 5) Can you confirm that the TLS ClientCertificateType Identifiers registrations should start from 67, the first available value in the Specification Required range?

Sure.

> The registries are here:
> 
> https://www.iana.org/assignments/tls-parameters
> 
> Best regards,
> 
> Amanda Baber
> Lead IANA Services Specialist
> 
> On Fri Feb 01 18:58:12 2019, ynir.ietf@gmail.com wrote:
>> [Adding IANA]
>> 
>> Hi, Stanislav
>> 
>> Sorry for dropping this.  Yes, we’ve considered this, and you can
>> definitely have the registration as described in your draft.
>> 
>> Yoav
>> 
>> https://tools.ietf.org/html/draft-smyshlyaev-tls12-gost-suites-04#section-9
>> 
>> 
>>> On 1 Feb 2019, at 9:28, Смышляев Станислав Витальевич
>>> <svs@cryptopro.ru> wrote:
>>> 
>>> Dear Yoav, Rich and Nick,
>>> 
>>> Do you have any additional questions about this request? Dmitry
>>> Belyavsky and I will be very happy to provide any clarifications, if
>>> needed.
>>> 
>>> Best regards,
>>> Stanislav Smyshlyaev, Ph.D.
>>> CISO, CryptoPro LLC
>>> 
>>> From: Смышляев Станислав Витальевич <svs@cryptopro.ru>
>>> Sent: Wednesday, January 9, 2019 11:26 PM
>>> To: Yoav Nir <ynir.ietf@gmail.com>
>>> Cc: Евгений Алексеев <geni-cmc@mail.ru>; tls-reg-review@ietf.org;
>>> Смышляева Екатерина Сергеевна <ess@cryptopro.ru>; Коллегин Максим
>>> Дмитриевич <kollegin@cryptopro.ru>; Алексеев Евгений Константинович
>>> <alekseev@cryptopro.ru>; Белявский Дмитрий <beldmit@cryptocom.ru>
>>> Subject: Re: [Tls-reg-review] Request to register value in TLS bar
>>> registry
>>> 
>>> CC’ing Dmitry Belyavsky (in case he would like to add some other
>>> clarifications), who we discussed the IANA request for the GOST
>>> cipher suites with (in Bangkok).
>>> 
>>> Best regards,
>>> Stanislav Smyshlyaev
>>> 
>>> 
>>> On 9 Jan 2019, at 22:52, Смышляев Станислав Витальевич
>>> <svs@cryptopro.ru> wrote:
>>> 
>>> Dear Yoav,
>>> 
>>> Thank you very much for your comments!
>>> If you don’t mind, I’ll reply:
>>> 1) Yes, Kuznyechik is the new Russian cipher. It is defined in RFC
>>> 7801.
>>> 2) There’s still work in progress on an AEAD mode to be standardized
>>> in Russia - and we can’t have a TLS 1.3 cipher suite without an AEAD
>>> mode. Currently the MGM mode (see https://tools.ietf.org/html/draft-smyshlyaev-mgm-09)
>>> is being carefully studied and tends to be the one. Valery
>>> Smyslov waits for it also - to be able to work on IKEv2 and ESP with
>>> GOSTs.
>>> That’s why the current request (and the draft it refers to) is only
>>> about TLS 1.2 so far.
>>> 3) Unfortunately, there is a misleading statement in the current
>>> version of the draft (thank you for pointing to it, Yoav!): actually,
>>> {0x00, 0x81} is used for the older cipher suite from
>>> https://tools.ietf.org/html/draft-chudov-cryptopro-cptls-04#section-5.
>>> The existing implementations of
>>> TLS_GOSTR341112_256_WITH_28147_CNT_IMIT use the number {0xFF, 0x85}
>>> 
>>> Best regards,
>>> Stanislav Smyshlyaev
>>> 
>>> On 9 Jan 2019, at 21:39, Yoav Nir <ynir.ietf@gmail.com> wrote:
>>> 
>>> Hi, Evgeny.
>>> 
>>> We’ll give the answer in a few days. First, I’d like to ask a few
>>> clarifying questions:
>>> If I understand correctly, the Kuznyechik ciphers in this document are
>>> the new GOST algorithms, right?
>>> I have noticed that this is only for TLS 1.2.  Why not TLS 1.3?
>>> Section 10 mentions that there are existing implementations that use
>>> the value {0x00,0x81} for TLS_GOSTR341112_256_WITH_28147_CNT_IMIT.  I
>>> see in the IANA registry <https://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-4>
>>> that this value is free.  Do you want to re-use it?
>>> 
>>> Thanks
>>> 
>>> Yoav
>>> 
>>> 
>>> On 9 Jan 2019, at 15:16, Евгений Алексеев
>>> <geni-cmc=40mail.ru@dmarc.ietf.org> wrote:
>>> 
>>> Hello!
>>> 
>>> We would like to ask IANA to assign numbers in accordance with the
>>> IANA Considerations section of the "GOST Cipher Suites for Transport
>>> Layer Security (TLS) Protocol Version 1.2" document
>>> (https://tools.ietf.org/html/draft-smyshlyaev-tls12-gost-suites-04#section-9).
>>> 
>>> --
>>> Best regards,
>>> Evgeny Alekseev