Re: [Tls-reg-review] [IANA #1135278] Re: Request to register value in TLS bar registry (tls-parameters)
Смышляев Станислав Витальевич <svs@cryptopro.ru> Fri, 01 February 2019 21:30 UTC
From: Смышляев Станислав Витальевич <svs@cryptopro.ru>
To: Yoav Nir <ynir.ietf@gmail.com>
CC: "iana-prot-param@iana.org" <iana-prot-param@iana.org>, "tls-reg-review@ietf.org" <tls-reg-review@ietf.org>, Коллегин Максим Дмитриевич <kollegin@cryptopro.ru>, "geni-cmc@mail.ru" <geni-cmc@mail.ru>, Смышляева Екатерина Сергеевна <ess@cryptopro.ru>, Белявский Дмитрий <beldmit@cryptocom.ru>, Алексеев Евгений Константинович <alekseev@cryptopro.ru>
Date: Fri, 01 Feb 2019 21:30:06 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls-reg-review/jbisCeTeKeNvGHf8I9qoC2bmIak>
Subject: Re: [Tls-reg-review] [IANA #1135278] Re: Request to register value in TLS bar registry (tls-parameters)

Dear Yoav, Dear Amanda,

Thank you very much for your prompt reply!

* The others (TBD7, TBD8, TBD9) are finite field, so they should start at 261.

Let me correct you a little here, if you don’t mind: these three are also elliptic curve ones (they are defined in RFC 4357 along with finite field ones, but these three are elliptic curves, unlike GOST R 34.10-94 parameters, which were finite field ones). So all TBD6-TBD12 should start at 34.

None of these are IETF-endorsed algorithms, so the Recommended column is ’N’. The numbers are fine, but I believe that no specific numbers were requested, so any numbers should be OK.

{0xFF, 0x85} for TLS_GOSTR341112_256_WITH_28147_CNT_IMIT is perfect, but another one ({0xFF, 0x83}) collides with a privately used (by someone) old SSL_RSA_WITH_3DES_EDE_CBC_MD5.

So, if possible, it would be great if you could assign the following numbers, for example:

{0xFF, 0x89} to TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC,
{0xFF, 0x88} to TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC,
(and {0xFF, 0x85} for TLS_GOSTR341112_256_WITH_28147_CNT_IMIT, as you have proposed)

Of course, "N" in "Recommended" column for all of them.

Thank you very much!

Best regards,
Stanislav

On 1 Feb 2019, at 22:50, Yoav Nir <ynir.ietf@gmail.com> wrote:

Hi, Amanda. Inline.

Authors: please check my answers, especially about the supported groups.

On 1 Feb 2019, at 21:32, Amanda Baber via RT <iana-prot-param@iana.org> wrote:

Hi Yoav,

We have questions about these registrations:

1) Do you want us to make all of the registrations in the IANA Considerations section, or is this request just referring to the TLS Cipher Suites?

[YN] - all of it

2) Which values are we assigning to the TLS Cipher Suites? Are we assigning

{0xFF, 0x83} to TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC,
{0xFF, 0x84} to TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC, and
{0xFF, 0x85} for TLS_GOSTR341112_256_WITH_28147_CNT_IMIT ?

Also, is the value of the "Recommended" column "N"?

None of these are IETF-endorsed algorithms, so the Recommended column is ’N’. The numbers are fine, but I believe that no specific numbers were requested, so any numbers should be OK.

3) For the TLS SignatureAlgorithm registrations, can you confirm that we should start from value 64, the beginning of the Specification Required range? (Also because the values are marked "Reserved" rather than "Unassigned," is it possible to make registrations here without an approved document? Is "Reserved," which in RFC 8126 means "unavailable for assignment," meant to indicate availability here, as it sometimes did for older registries?)

Yes, starting at 64 is fine.

4) For the TLS Supported Groups registrations, should we start from value 34, 261, 512, or 65283?

That’s a little complex. Authors, please check that I am correct here:

* GC256A (TBD6), GC512A (TBD10), GC512B (TBD11), and GC512C (TBD12) are elliptic curve, so they should start at 34.
* The others (TBD7, TBD8, TBD9) are finite field, so they should start at 261.

5) Can you confirm that the TLS ClientCertificateType Identifiers registrations should start from 67, the first available value in the Specification Required range?

Sure.

The registries are here:

https://www.iana.org/assignments/tls-parameters

Best regards,

Amanda Baber
Lead IANA Services Specialist

On Fri Feb 01 18:58:12 2019, ynir.ietf@gmail.com wrote:

[Adding IANA]

Hi, Stanislav

Sorry for dropping this. Yes, we’ve considered this, and you can definitely have the registration as described in your draft.

Yoav

https://tools.ietf.org/html/draft-smyshlyaev-tls12-gost-suites-04#section-9

On 1 Feb 2019, at 9:28, Смышляев Станислав Витальевич <svs@cryptopro.ru> wrote:

Dear Yoav, Rich and Nick,

Do you have any additional questions about this request? Dmitry Belyavsky and I will be very happy to provide any clarifications, if needed.

Best regards,
Stanislav Smyshlyaev, Ph.D.
CISO, CryptoPro LLC

From: Смышляев Станислав Витальевич <svs@cryptopro.ru>
Sent: Wednesday, January 9, 2019 11:26 PM
To: Yoav Nir <ynir.ietf@gmail.com>
Cc: Евгений Алексеев <geni-cmc@mail.ru>; tls-reg-review@ietf.org; Смышляева Екатерина Сергеевна <ess@cryptopro.ru>; Коллегин Максим Дмитриевич <kollegin@cryptopro.ru>; Алексеев Евгений Константинович <alekseev@cryptopro.ru>; Белявский Дмитрий <beldmit@cryptocom.ru>
Subject: Re: [Tls-reg-review] Request to register value in TLS bar registry

CC’ing Dmitry Belyavsky (in case he would like to add some other clarifications), who we discussed the IANA request for the GOST cipher suites with (in Bangkok).

Best regards,
Stanislav Smyshlyaev

On 9 Jan 2019, at 22:52, Смышляев Станислав Витальевич <svs@cryptopro.ru> wrote:

Dear Yoav,

Thank you very much for your comments! If you don’t mind, I’ll reply:

1) Yes, Kuznyechik is the new Russian cipher. It is defined in RFC 7801.

2) There’s still work in progress on an AEAD mode to be standardized in Russia - and we can’t have a TLS 1.3 cipher suite without an AEAD mode. Currently the MGM mode (see https://tools.ietf.org/html/draft-smyshlyaev-mgm-09) is being carefully studied and tends to be the one. Valery Smyslov waits for it also - to be able to work on IKEv2 and ESP with GOSTs. That’s why the current request (and the draft it refers to) is only about TLS 1.2 so far.

3) Unfortunately, there is a misleading statement in the current version of the draft (thank you for pointing to it, Yoav!): actually, {0x00, 0x81} is used for the older cipher suite from https://tools.ietf.org/html/draft-chudov-cryptopro-cptls-04#section-5. The existing implementations of TLS_GOSTR341112_256_WITH_28147_CNT_IMIT use the number {0xFF, 0x85}.

Best regards,
Stanislav Smyshlyaev

On 9 Jan 2019, at 21:39, Yoav Nir <ynir.ietf@gmail.com> wrote:

Hi, Evgeny.

We’ll give the answer in a few days. First, I’d like to ask a few clarifying questions:

If I understand correctly, the Kuznyechik ciphers in this document are the new GOST algorithms, right?

I have noticed that this is only for TLS 1.2. Why not TLS 1.3?

Section 10 mentions that there are existing implementations that use the value {0x00,0x81} for TLS_GOSTR341112_256_WITH_28147_CNT_IMIT. I see in the IANA registry <https://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-4> that this value is free. Do you want to re-use it?

Thanks

Yoav

On 9 Jan 2019, at 15:16, Евгений Алексеев <geni-cmc=40mail.ru@dmarc.ietf.org> wrote:

Hello!

We would like to ask IANA to assign numbers in accordance with the IANA Considerations section of the "GOST Cipher Suites for Transport Layer Security (TLS) Protocol Version 1.2" document (https://tools.ietf.org/html/draft-smyshlyaev-tls12-gost-suites-04#section-9).

--
Best regards,
Evgeny Alekseev

_______________________________________________
tls-reg-review mailing list
tls-reg-review@ietf.org
https://www.ietf.org/mailman/listinfo/tls-reg-review