IETF Logo Mail Archive

Re: [Tls-reg-review] [IANA #1206536] Re: Re: Request to register value in TLS bar registry (tls-parameters)

Смышляев Станислав Вита льевич <svs@cryptopro.ru> Tue, 10 August 2021 17:22 UTC

Return-Path: <svs@cryptopro.ru>
X-Original-To: tls-reg-review@ietfa.amsl.com
Delivered-To: tls-reg-review@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AB8D3A1558 for <tls-reg-review@ietfa.amsl.com>; Tue, 10 Aug 2021 10:22:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cryptopro.ru
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BvfdCqaDFVwS for <tls-reg-review@ietfa.amsl.com>; Tue, 10 Aug 2021 10:22:32 -0700 (PDT)
Received: from mx.cryptopro.ru (mx.cryptopro.ru [193.37.157.34]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A67B03A1557 for <tls-reg-review@ietf.org>; Tue, 10 Aug 2021 10:22:30 -0700 (PDT)
Content-Language: en-US
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
DKIM-Signature: v=1; a=rsa-sha256; d=cryptopro.ru; s=mx; c=simple/simple; t=1628616146; h=from:subject:to:date:message-id; bh=5jHwh2IwvqmnZAbei1JYBiK4+J9ZKTwDWr7i+VfAKaA=; b=RmjAfpeq5LS40hkruXaErzGKwPcR/1wvt97OgudI0tVoIDIFxzNi/P9V5HYyObwsuWa5Bw8ObY7 AgzTQNb1LmGnWOSWGUQVXP9x84evmx3w3YbCLsu7wG5U5dDlhwtnaBjX6WzMRUecN6porYo/bU0rD 46NgUJxNtCXTW2M1GWcl7SSbDrJkgKBaLF8rOytOUZuRMZVzrOTLgw2rycuj08Y1wkPrYu0zsTJQD mj6K6pVEqMhSDnmhhp/dP1zzgyeh0VkvOXv2QEaMsorsrm+IGyvgMCs4GOe8GzOY5dgIMlVNtOC08 aDE0I533r78KgKvT6M72a14/Ak9A3OHyKPVA==
Received: from lyra.cp.ru (192.168.68.97) by lyra.cp.ru (192.168.68.97) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1591.10; Tue, 10 Aug 2021 20:22:25 +0300
Received: from lyra.cp.ru ([::1]) by lyra.cp.ru ([::1]) with mapi id 15.01.1591.017; Tue, 10 Aug 2021 20:22:25 +0300
From: Смышляев Станислав Вита льевич <svs@cryptopro.ru>
To: "kaduk@mit.edu" <kaduk@mit.edu>, "iana-prot-param@iana.org" <iana-prot-param@iana.org>
CC: "ynir.ietf@gmail.com" <ynir.ietf@gmail.com>, "tls-reg-review@ietf.org" <tls-reg-review@ietf.org>, Коллегин Максим <kollegin@cryptopro.ru>, "geni-cmc@mail.ru" <geni-cmc@mail.ru>, Смышляева Екатерина Сер геевна <ess@cryptopro.ru>, Белявский Дмитрий <beldmit@cryptocom.ru>, Алексеев Евгений Конста нтинович <alekseev@cryptopro.ru>
Thread-Topic: [IANA #1206536] Re: [Tls-reg-review] Re: Request to register value in TLS bar registry (tls-parameters)
Thread-Index: AQHXjgfRN9Jl1lPqvEGdejljeVG1Mqts/IOU
Date: Tue, 10 Aug 2021 17:22:25 +0000
Message-ID: <636DC308-4C5F-459F-87A7-0E83D84A1B76@cryptopro.ru>
References: <RT-Ticket-1206536@icann.org> <RT-Ticket-1135278@icann.org> <1547039768.320095625@f553.i.mail.ru> <74E19738-0B8D-47EA-A684-A5A70E9BE487@gmail.com> <061D39FF-0538-498E-8485-33B92D6893AF@cryptopro.ru> <DA944331-8E53-445A-BB3B-58D1317519DB@gmail.com> <rt-4.4.3-8683-1549049524-638.1135278-37-0@icann.org> <5821D94F-9FFB-42B4-A057-6B61CE90E4A8@gmail.com> <20210806215122.GN50759@kduck.mit.edu> <4d645ecfc2e0470fa7fac3097a95ae62@cryptopro.ru>, <rt-4.4.3-1532-1628614213-1292.1206536-37-0@icann.org>
In-Reply-To: <rt-4.4.3-1532-1628614213-1292.1206536-37-0@icann.org>
Accept-Language: ru-RU, en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls-reg-review/y_XMYfwge3yS6f9EQVrArDWznCM>
Subject: Re: [Tls-reg-review] [IANA #1206536] Re: Re: Request to register value in TLS bar registry (tls-parameters)
X-BeenThere: tls-reg-review@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TLS REVIEW <tls-reg-review.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls-reg-review>, <mailto:tls-reg-review-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls-reg-review/>
List-Post: <mailto:tls-reg-review@ietf.org>
List-Help: <mailto:tls-reg-review-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls-reg-review>, <mailto:tls-reg-review-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Aug 2021 17:22:38 -0000

Dear Michelle, 

We’ve started the discussion in a separate thread dedicated to the conflict review (together with Adrian Farrel). 

Of course I would strongly prefer (and ask) that no changes are made at this time, since these identifiers (allocated more than 2.5 years ago) are widely used in many implementations. 

Kind regards,
Stanislav 

> On 10 Aug 2021, at 19:50, Michelle Cotton via RT <iana-prot-param@iana.org> wrote:
> 
> Ben and Stanislav,
> 
> Will there be any changes required to these registrations at this time?
> 
> Or can we resolve this ticket?
> 
> Thanks in advance.
> 
> --Michelle
> 
> Michelle Cotton
> Protocol Parameters Engagement Sr. Manager
> IANA Services
> 
> 
> 
>> On Sat Aug 07 07:48:52 2021, svs@cryptopro.ru wrote:
>> Hi Ben,
>> 
>> Thank you so much for your careful and detailed review (the other
>> authors and I will reply to it in a separate message later in the
>> corresponding Conflict Review thread- I agree with most of your
>> comments)!
>> 
>> Regarding the IANA considerations of the draft-smyshlyaev-tls12-gost-
>> suites document:
>> 1) Those two early allocations for these two SignatureAlgorithms were
>> made two and a half years ago (much earlier than RFC 8447) and are now
>> currently widely used in many implementations in Russia
>> (gostr34102012_256 and gostr34102012_512 are the only signature
>> algorithms used in Russia, they are standardized in ISO/IEC 14888-3).
>> Ben, could you please help us with finding an easy way of solving this
>> issue together (without a specific Standards Track document just for
>> two allocations)?..
>> 2) The four other ciphersuites you asked about (0xC1, 0x03
>> TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_L etc.) list another draft as
>> their reference, https://datatracker.ietf.org/doc/draft-smyshlyaev-
>> tls13-gost-suites/ (the only difference in the name is "tls13" instead
>> of "tls12").
>> 
>> Best regards,
>> Stanislav Smyshlyaev, Ph.D.
>> Deputy CEO, CryptoPro LLC
>> 
>> -----Original Message-----
>> From: Benjamin Kaduk <kaduk@mit.edu>
>> Sent: Saturday, August 7, 2021 12:51 AM
>> To: Yoav Nir <ynir.ietf@gmail.com>
>> Cc: iana-prot-param@iana.org; tls-reg-review@ietf.org; geni-
>> cmc@mail.ru; Коллегин Максим <kollegin@cryptopro.ru>; Алексеев Евгений
>> Константинович <alekseev@cryptopro.ru>; Смышляев Станислав Витальевич
>> <svs@cryptopro.ru>; Смышляева Екатерина Сергеевна <ess@cryptopro.ru>;
>> Белявский Дмитрий <beldmit@cryptocom.ru>
>> Subject: Re: [Tls-reg-review] [IANA #1135278] Re: Request to register
>> value in TLS bar registry (tls-parameters)
>> 
>> Sorry to dig up an old thread...
>> 
>>> On Fri, Feb 01, 2019 at 09:50:41PM +0200, Yoav Nir wrote:
>>> Hi, Amanda.  Inline.
>>> 
>>> Authors: please check my answers, especially about the supported
>>> groups.
>>> 
>>>> On 1 Feb 2019, at 21:32, Amanda Baber via RT <iana-prot-
>>>> param@iana.org> wrote:
>>> 
>>>> 3) For the TLS SignatureAlgorithm registrations, can you confirm
>>>> that we should  start from value 64, the beginning of the
>>>> Specification Required range? (Also because the values are marked
>>>> "Reserved" rather than "Unassigned," is it possible to make
>>>> registrations here without an approved document? Is "Reserved,"
>>>> which in RFC 8126 means "unavailable for assignment," meant to
>>>> indicate availability here, as it sometimes did for older
>>>> registries?)
>> 
>> No, "Reserved" does not indicate availability here.
>> 
>> The SignatureAlgorithm registry is nominally closed, having been
>> superseded by the SignatureScheme registry that effectively combines
>> the SignatureAlgorithm and HashAlgorithm registries and is conveyed in
>> the same protocol field.
>> 
>> https://datatracker.ietf.org/doc/html/rfc8447#section-15 is perhaps
>> not as clear about this as it could be, but the intent was to not make
>> additional allocations from this registry.
>> 
>> I think we need to convert these allocations into a handful of
>> corresponding entries in the SignatureScheme registry, to avoid
>> burning a sizeable chunk of the remaining SignatureScheme codepoint
>> space.
>> Fortunately, they seem to only be paired with the 0x08 "intrinsic"
>> hash algorithm, which would help reduce the number of allocations
>> needed in the SignatureScheme registry.
>> 
>> -Ben
>> 
>>> Yes, starting at 64 is fine.
>>> 
> 
>

v2.23.0 | Report a Bug | By Email