Re: [TLS] Uplifting 5289
Yoav Nir <ynir.ietf@gmail.com> Thu, 16 March 2017 20:33 UTC
Return-Path: <ynir.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1CC35129A64 for <tls@ietfa.amsl.com>; Thu, 16 Mar 2017 13:33:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.699
X-Spam-Level:
X-Spam-Status: No, score=-1.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9k0Wh9Q0ukMG for <tls@ietfa.amsl.com>; Thu, 16 Mar 2017 13:33:24 -0700 (PDT)
Received: from mail-wm0-x22a.google.com (mail-wm0-x22a.google.com [IPv6:2a00:1450:400c:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6551F129A58 for <tls@ietf.org>; Thu, 16 Mar 2017 13:33:24 -0700 (PDT)
Received: by mail-wm0-x22a.google.com with SMTP id n11so1302506wma.0 for <tls@ietf.org>; Thu, 16 Mar 2017 13:33:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=XIwNhSCWRmh1xtjww+8d5xJs4sBkswAw88eglsTtLso=; b=C0wV0BrhsRzADBR63b6hTBoWKQ2TIAsHmiG78StFFukMuHFiBov5cM+VcRGf42PAPo pu72d/ublmITWmGCTV+H3+I3SaZGX0vN5MVh+BYHz6wMWGEIZm2rolU4cm3mw5AbJse7 TC1TUFI0O1yLLlcSnFJ1xLdlOlHz0KzQjKKN3AYKD2MLFGZCUOm2c6MngUOl18lMEhik NzcQdrE3S+Mo3/glD6ohRdqFa34PmjbnpMgwoHanr6Jgled50OCOihersRnqduaR3W65 uRPXEYPBcwgGnOqS7edSFYlz01fw3QTuj4nBTmoJ1fgdm6WeDgB6nFkOzltK+6+RCghr 0osQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=XIwNhSCWRmh1xtjww+8d5xJs4sBkswAw88eglsTtLso=; b=JEbVh/x2vWK0FOaTaxpxc7vMn6SttvnXRN/Z1e/ADjZWfluQaC9PMYgEaoDcF9CWtV bqbT4V7pBzfpLOhBf9rrImvhsd8yjgKe+bqvBobbz0OXVtJ7EcOel/AkrzkQ1kADkxHX KX8eeRG227FZy4MWNLNVTZzzGuMxa956gkreRZxBh3hO1ahs1TU0YnAWuwqYhu5hmLS5 lh/yBJb7EycFjEsTwPPw4ar6chxPMxs1vbiEcVHqxaB6hDZnkVrYiy1QlKrZO67+A3jn veNezo0SxvlxdfeVR6FcHvZpmHXVC19j8tLENhKL6xdYsVfpnoIGxNsMJsmNESWdO367 NRGg==
X-Gm-Message-State: AFeK/H0IkAEp/nDoSumFbuJE5Q6PD3K5GXXffnnl2MzniAtAO59IJTFLPAmnma60xS0N2Q==
X-Received: by 10.28.107.13 with SMTP id g13mr10884820wmc.105.1489696402924; Thu, 16 Mar 2017 13:33:22 -0700 (PDT)
Received: from [192.168.1.18] ([46.120.57.147]) by smtp.gmail.com with ESMTPSA id h65sm5838440wrh.32.2017.03.16.13.33.21 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 16 Mar 2017 13:33:22 -0700 (PDT)
From: Yoav Nir <ynir.ietf@gmail.com>
Message-Id: <B9DDF612-F152-4E42-8E34-367464FA7816@gmail.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_AF782F2A-F9E7-48A1-8426-033A753FC61B"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
Date: Thu, 16 Mar 2017 22:33:19 +0200
In-Reply-To: <CABcZeBPc2d=vj+y=pNNcuZX9v1b5p+86pY7tBBAFi6erxx54FQ@mail.gmail.com>
Cc: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>, "tls@ietf.org" <tls@ietf.org>
To: Eric Rescorla <ekr@rtfm.com>
References: <CABcZeBPb-bHAOKWDqszE1gbVPHH-3HsVSCjGzCdEQB37MyFz4Q@mail.gmail.com> <9D719372-7B07-406B-8C8B-2AC762BDB5F2@gmail.com> <9AF98D89-9183-49F6-A30A-8A2E3301F81E@gmail.com> <5EF7EC11-B453-4FBE-82CB-B3BFB6D9C546@gmail.com> <CABcZeBPc2d=vj+y=pNNcuZX9v1b5p+86pY7tBBAFi6erxx54FQ@mail.gmail.com>
X-Mailer: Apple Mail (2.3259)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/3jzmLLdkwUDz7D_gGY24KbeTbpM>
Subject: Re: [TLS] Uplifting 5289
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Mar 2017 20:33:26 -0000
Oh, sorry. I missed that it was Informational. In that case there’s just the issue that it has ECDH ciphersuites at a time where 4492bis is deprecating all the other ones. But some of the ciphersuites in there are in wide enough use that it shouldn’t remain Informational. Yes, it should be uplifted then. Yoav > On 16 Mar 2017, at 21:23, Eric Rescorla <ekr@rtfm.com> wrote: > > This is actually uplift to PS. > > On Thu, Mar 16, 2017 at 12:16 PM, Yoav Nir <ynir.ietf@gmail.com <mailto:ynir.ietf@gmail.com>> wrote: > >> On 16 Mar 2017, at 21:01, Kathleen.Moriarty.ietf@gmail.com <mailto:Kathleen.Moriarty.ietf@gmail.com> wrote: >> >> >> >> Please excuse typos, sent from handheld device >> >>> On Mar 16, 2017, at 11:37 AM, Yoav Nir <ynir.ietf@gmail.com <mailto:ynir.ietf@gmail.com>> wrote: >>> >>> >>>> On 16 Mar 2017, at 17:17, Eric Rescorla <ekr@rtfm.com <mailto:ekr@rtfm.com>> wrote: >>>> >>>> Hi folks >>>> >>>> I note that we are proposing to uplift RFC 5289 to PS, despite the fact that it >>>> standardizes some CBC cipher suites, which the WG is looking to move away >>>> from. I recognize that these are the only cipher suites you can use in TLS 1.0 >>>> and 1.1, but we also want people to move away from them. >>>> >>>> This problem is probably solvable by marking the registry as Not Recommended, but I wondered if anyone had other thoughts on this topic? >>>> >>> >>> 5289 applies to TLS 1.0, 1.1, and 1.2. It seems strange to uplift a bunch of ciphersuites for 1.2 just as we’re publishing TLS 1.3 which obsoletes 5246. >> >> TLS 1.2 will be in use for a while unless major problems are found, so it's worthwhile IMO. > > I understand that. I’m wondering what message we are trying to convey by publishing or uplifting a full standard for a now-obsolete protocol. > > The Internet works just fine on proposed standards (or even Internet Drafts) > > Yoav > >
- [TLS] Uplifting 5289 Eric Rescorla
- Re: [TLS] Uplifting 5289 Sean Turner
- Re: [TLS] Uplifting 5289 Yoav Nir
- Re: [TLS] Uplifting 5289 kathleen.moriarty.ietf
- Re: [TLS] Uplifting 5289 Yoav Nir
- Re: [TLS] Uplifting 5289 Eric Rescorla
- Re: [TLS] Uplifting 5289 Yoav Nir
- Re: [TLS] Uplifting 5289 Stephen Farrell