Re: [Tls-reg-review] Request to register value in TLS bar registry

[Смышляев Станислав Витальевич <svs@cryptopro.ru>]

Dear Yoav, Rich and Nick,

Do you have any additional questions about this request? Dmitry Belyavsky and I will be very happy to provide any clarifications, if needed.

Best regards,
Stanislav Smyshlyaev, Ph.D.
CISO, CryptoPro LLC

From: Смышляев Станислав Витальевич <svs@cryptopro.ru>
Sent: Wednesday, January 9, 2019 11:26 PM
To: Yoav Nir <ynir.ietf@gmail.com>
Cc: Евгений Алексеев <geni-cmc@mail.ru>; tls-reg-review@ietf.org; Смышляева Екатерина Сергеевна <ess@cryptopro.ru>; Коллегин Максим Дмитриевич <kollegin@cryptopro.ru>; Алексеев Евгений Константинович <alekseev@cryptopro.ru>; Белявский Дмитрий <beldmit@cryptocom.ru>
Subject: Re: [Tls-reg-review] Request to register value in TLS bar registry

CC'ing Dmitry Belyavsky (in case he would like to add some other clarifications), who we discussed the IANA request for the GOST cipher suites with (in Bangkok).

Best regards,
Stanislav Smyshlyaev

9 янв. 2019 г., в 22:52, Смышляев Станислав Витальевич <svs@cryptopro.ru<mailto:svs@cryptopro.ru>> написал(а):
Dear Yoav,

Thank you very much for your comments!
If you don't mind, I'll reply:
1) Yes, Kuznyechik is the new Russian cipher. It is defined in RFC 7801.
2) There's still work in progress on an AEAD mode to be standardized in Russia - and we can't have a TLS 1.3 cipher suite without an AEAD mode. Currently the MGM mode (see https://tools.ietf.org/html/draft-smyshlyaev-mgm-09) is being carefully studied and tends to be the one. Valery Smyslov waits for it also - to be able to work on IKEv2 and ESP with GOSTs.
That's why the current request (and the draft it refers to) is only about TLS 1.2 so far.
3) Unfortunately, there is a misleading statement in the current version of the draft (thank you for pointing to it, Yoav!): actually, {0x00, 0x81} is used for the older cipher suite from https://tools.ietf.org/html/draft-chudov-cryptopro-cptls-04#section-5. The existing implementations of TLS_GOSTR341112_256_WITH_28147_CNT_IMIT use the number {0xFF, 0x85}

Best regards,
Stanislav Smyshlyaev

9 янв. 2019 г., в 21:39, Yoav Nir <ynir.ietf@gmail.com<mailto:ynir.ietf@gmail.com>> написал(а):
Hi, Evgeny.

We'll give the answer in a few days. First, I'd like to ask a few clarifying questions:

  *   If I understand correctly, the Kuznyechik ciphers in this document is the new GOST algorithms, right?
  *   I have noticed that this is only for TLS 1.2.  Why not TLS 1.3?
  *   Section 10 mentions that there are existing implementations that use the value {0x00,0x81} for TLS_GOSTR341112_256_WITH_28147_CNT_IMIT.  I see in the IANA registry<https://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-4> that this value is free.  Do you want to re-use it?

Thanks

Yoav


On 9 Jan 2019, at 15:16, Евгений Алексеев <geni-cmc=40mail.ru@dmarc.ietf.org<mailto:geni-cmc=40mail.ru@dmarc.ietf.org>> wrote:

Hello!

We would like to ask IANA to assign numbers in accordance with the IANA Considerations section of the "GOST Cipher Suites for Transport Layer Security (TLS) Protocol Version 1.2" document (https://tools.ietf.org/html/draft-smyshlyaev-tls12-gost-suites-04#section-9).

--
Best regards,
Evgeny Alekseev
_______________________________________________
tls-reg-review mailing list
tls-reg-review@ietf.org<mailto:tls-reg-review@ietf.org>
https://www.ietf.org/mailman/listinfo/tls-reg-review