Re: [TLS] Should CCM_8 CSs be Recommended?

Sean Turner <sean@sn3rd.com> Thu, 05 October 2017 16:45 UTC

Return-Path: <sean@sn3rd.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BBA2132F3F for <tls@ietfa.amsl.com>; Thu, 5 Oct 2017 09:45:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e9V6dZoZpJPS for <tls@ietfa.amsl.com>; Thu, 5 Oct 2017 09:45:42 -0700 (PDT)
Received: from mail-it0-x234.google.com (mail-it0-x234.google.com [IPv6:2607:f8b0:4001:c0b::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 22DBE132949 for <tls@ietf.org>; Thu, 5 Oct 2017 09:45:42 -0700 (PDT)
Received: by mail-it0-x234.google.com with SMTP id y138so2130902itc.5 for <tls@ietf.org>; Thu, 05 Oct 2017 09:45:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=zhEWzrGhSRLh+8dj/oF174MtA9FbXCffjNbgx6sFgYE=; b=H1EOvPES4+BoLMQ/aUuD6Mr2ErRVkjvP1dKm1XEoVJo9RdLnWAIYdEUc9aJSVCZDHb E4+PV1mU6mY3S9gl16tbfmNAslMIUNnB0+mMFbRpV8jbyjsKqLHywzHvZPZZACtX/2QS phEnyUG1Ogf+TDmiqB5gcbim4d3iNy8lXExi4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=zhEWzrGhSRLh+8dj/oF174MtA9FbXCffjNbgx6sFgYE=; b=ck1LlZpsCzh7MPYl6qPN5twrwhhmKLhXeN+XKg9Cg+F5neTIqMYVA7MbHuWGBAKJL0 NNkqKoVhMLowvHQ9/b4h7WCOQlWyAsYDe/e4W2795TGql82NLccbzRSbg/B+DXUJfOVa /Dihj8FLDhj6pNzpRDO78/rIpGINjF85ps/NH1wAn7u/qU4rTu6zn8ogkcrska5JxcAB Hdh0n7Ib878Y8oBqJ6v0+7TrH7tapojevCjkphZtYUt2gl64jdr6wRX1YKs6F0v8cJg2 0GQ5dG06JB8wuogNNVQuG7dwaGH2AFIfxZ5CNyPcWJnFHEFteBEjOuTCB1xpiiVmUuqw L3OA==
X-Gm-Message-State: AMCzsaWD42Oqyvt/OLElAJlaVgTwWXg69kRCXbP25E+3k8OWuwKZ84Cf 68NGPMT/U1Z+LsHkvjFcPKPT6A==
X-Google-Smtp-Source: AOwi7QAa2+WOVgyzH+xe5eNY1mxxeYKpsCZJaYDTVPlcJZtPF0AfNhJHK3LSRF/uYG8ZgPVIEIPRuA==
X-Received: by 10.36.140.77 with SMTP id j74mr31154334itd.95.1507221941483; Thu, 05 Oct 2017 09:45:41 -0700 (PDT)
Received: from [5.5.33.173] (vpn.snozzages.com. [204.42.252.17]) by smtp.gmail.com with ESMTPSA id p125sm77346itb.29.2017.10.05.09.45.39 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 05 Oct 2017 09:45:40 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <CY4PR21MB0120E62327D33AD536BDD72E8C730@CY4PR21MB0120.namprd21.prod.outlook.com>
Date: Thu, 05 Oct 2017 09:45:38 -0700
Cc: Joe Salowey <joe@salowey.net>, Rich Salz <rsalz@akamai.com>, "<tls@ietf.org>" <tls@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <04B47032-A6C6-4DDE-9C6E-E8A51303A320@sn3rd.com>
References: <CA26DC83-9524-4CDA-910A-7FDCBF73F849@sn3rd.com> <A77ED838-9A38-41AB-B063-FC6BE6996373@akamai.com> <CAOgPGoAH_-i8dpX0Df=bcrS9t_LMi0N+6T-tpr+ybkA3sfn8tg@mail.gmail.com> <CY4PR21MB0120E62327D33AD536BDD72E8C730@CY4PR21MB0120.namprd21.prod.outlook.com>
To: Andrei Popov <Andrei.Popov@microsoft.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/2A0j4RoHyVeBnh5Nrjeqo5tXf7M>
Subject: Re: [TLS] Should CCM_8 CSs be Recommended?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Oct 2017 16:45:44 -0000

This is exactly how I think about it.

spt

> On Oct 4, 2017, at 12:11, Andrei Popov <Andrei.Popov@microsoft.com> wrote:
> 
> It seems that CCM_8 falls in the “limited applicability” bucket. However, there’s nothing wrong with IoT specs requiring these ciphers in their TLS profiles.
>  
> Cheers,
>  
> Andrei
>  
> From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Joseph Salowey
> Sent: Wednesday, October 4, 2017 11:42 AM
> To: Salz, Rich <rsalz@akamai.com>
> Cc: <tls@ietf.org> <tls@ietf.org>
> Subject: Re: [TLS] Should CCM_8 CSs be Recommended?
>  
> The current editor's copy of the draft has the following text about the recommended column:
>  
> The instructions in this document add a recommended column to many of the TLS registries to indicate parameters that are generally recommended for implementations to support. Adding a recommended parameter to a registry or updating a parameter to recommended status requires standards action. Not all parameters defined in standards track documents need to be marked as recommended.
> 
> If an item is marked as not recommended it does not necessarily mean that it is flawed, rather, it indicates that either the item has not been through the IETF consensus process or the item has limited applicability to specific cases.
> 
>  
> On Wed, Oct 4, 2017 at 4:58 AM, Salz, Rich <rsalz@akamai.com> wrote:
> ➢  We’re recommending that these five suites be dropped from the recommended list.  Please let us know what you think.
> 
> 
> Does “recommended” mean for general use, in the public Internet?  Or is it “I know it when I see it” kind of thing?
> 
> Either way, I support un-recommending them
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>  
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls