Re: [TLS] Adam Roach's Yes on draft-ietf-tls-tls13-26: (with COMMENT)
Sean Turner <sean@sn3rd.com> Mon, 12 March 2018 23:05 UTC
Return-Path: <sean@sn3rd.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C79D1201F8 for <tls@ietfa.amsl.com>; Mon, 12 Mar 2018 16:05:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1RsP7thXgl8s for <tls@ietfa.amsl.com>; Mon, 12 Mar 2018 16:05:47 -0700 (PDT)
Received: from mail-pf0-x235.google.com (mail-pf0-x235.google.com [IPv6:2607:f8b0:400e:c00::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C2AF512704A for <tls@ietf.org>; Mon, 12 Mar 2018 16:05:44 -0700 (PDT)
Received: by mail-pf0-x235.google.com with SMTP id y186so5039573pfb.2 for <tls@ietf.org>; Mon, 12 Mar 2018 16:05:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=g1s1JBF54yn2Gx3yYTi/CfIDbmofbbiM1TKwtxctFDw=; b=RdvhCQNYAyHhTlHgpyuKL9Da4NnpAg7HPJdjUGF9MO7GJOG+bMjPZh+aMRLKtGoZR0 s90Dfvbp1YTK67+h9Dt7VuByVgfqvRO1a4KKI8ME4S6mBsjuL4GtaoFvb7Lc3nPAg6TV Rz3lsGSi4BLsSvoUC/b7PCZkG2q/bbdyHK7sM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=g1s1JBF54yn2Gx3yYTi/CfIDbmofbbiM1TKwtxctFDw=; b=dADVrpKqL1CwQmPwT4wWtybngUwfDYXbwyH6DJPlqroh/hEmtFEtHPJ0MH7veZiVJ4 u5P/46wjUOmnem3M1gL5gfzXnMWtzQsQibBQX/Au7nQcGd1I8AvqyoXQxiwrPexipVNm 9VeAkPXSX9+zMxQtisA1iLLkqBhowxlrnF7YiAfSAcBKaZw3prqllu43AekXe4+8qaaa 0pKzuw0iZEdaVje5Irb0UrtFLW9u8xPE0uMF855THBKJqTZ7BGayxYD/NdOZYM6/q+i0 7jtxyoCgVYdLsrNlkvMrmkSOrFkEFmfuKq81Og5w5ROq7y8GwacJBb5XM0S2cps4pQTM HQMQ==
X-Gm-Message-State: AElRT7GES8HnCapSYAGMvaNituYSpGt8hDmqfXxtgojpAupDZjMWrTNG aSmyXtTl7X4t/wsZ86USolWjKw==
X-Google-Smtp-Source: AG47ELupMKfQ+d439xOl9N8yJMH2qSAlRSZhTs0YhDprwXl+OzCr5kZUsg464qonY+TEvHcqR/bMcQ==
X-Received: by 10.98.139.145 with SMTP id e17mr9525383pfl.53.1520895944343; Mon, 12 Mar 2018 16:05:44 -0700 (PDT)
Received: from [5.5.33.141] (vpn.snozzages.com. [204.42.252.17]) by smtp.gmail.com with ESMTPSA id x14sm5047402pgc.13.2018.03.12.16.05.40 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 12 Mar 2018 16:05:43 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <300f4b0e-f0a3-111d-306b-02de1e81b5a1@nostrum.com>
Date: Mon, 12 Mar 2018 23:05:35 +0000
Cc: Eric Rescorla <ekr@rtfm.com>, The IESG <iesg@ietf.org>, draft-ietf-tls-tls13@ietf.org, tls-chairs <tls-chairs@ietf.org>, "<tls@ietf.org>" <tls@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <4067B035-AE7E-4D2F-BC6D-264732401B2F@sn3rd.com>
References: <152041310032.17609.1489959489741770597.idtracker@ietfa.amsl.com> <CABcZeBM+uRTww=dZsQnwxyFA07nD-iifU-10O5u_bRqAAy39PQ@mail.gmail.com> <ef9df2f2-b7f9-8a41-36a2-a287efa2dadf@nostrum.com> <0BAD6FF1-8E6E-4C43-B1A7-6BC69211C16E@sn3rd.com> <300f4b0e-f0a3-111d-306b-02de1e81b5a1@nostrum.com>
To: Adam Roach <adam@nostrum.com>
X-Mailer: Apple Mail (2.3445.5.20)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/5G7kzGuqWmOcY5X1Or-MoOE7B0U>
Subject: Re: [TLS] Adam Roach's Yes on draft-ietf-tls-tls13-26: (with COMMENT)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Mar 2018 23:05:48 -0000
> On Mar 12, 2018, at 22:46, Adam Roach <adam@nostrum.com> wrote: > > On 3/12/18 5:33 PM, Sean Turner wrote: >> >>> On Mar 12, 2018, at 19:58, Adam Roach <adam@nostrum.com> wrote: >>> >>> On 3/7/18 12:58 PM, Eric Rescorla wrote: >>>>>> - TLS SignatureScheme Registry: Values with the first byte in the >>>>>> range 0-253 (decimal) are assigned via Specification Required >>>>>> [RFC8126]. Values with the first byte 254 or 255 (decimal) are >>>>>> reserved for Private Use [RFC8126]. Values with the first byte in >>>>>> the range 0-6 or with the second byte in the range 0-3 that are >>>>>> not currently allocated are reserved for backwards compatibility. >>>>> Unless I misunderstand the compatibility mechanisms here, the reservation of >>>>> first byte=0-6 seems to assume that no further assignments will be made from >>>>> the "TLS HashAlgorithm Registry" (after 4492bis lands). If this is the case, I >>>>> would expect the IANA considerations section to include a request that the IANA >>>>> close the table to further registrations. The same comment applies to TLS >>>>> SignatureAlgorithm Registry. >>>> Agreed, but I'd like to hear from the chairs. >>> >>> I think we're still waiting to hear from the chairs on this topic. >>> >>> /a >> I think this got lost somewhere in the flurry of emails: >> >> See s17 of https://datatracker.ietf.org/doc/draft-ietf-tls-iana-registry-updates/ >> We don’t close the registry because technically, if somebody really, really wanted to they could register values for earlier versions. > > Ah, thanks for the pointer. I don't agree with your evaluation that draft-ietf-tls-iana-registry-updates preserves the ability to register values for earlier versions, as it marks all remaining available codepoints "reserved." That's effectively equivalent to what I'm asking for, though, so my comment is addressed. Subtly different but I’m glad you’re good with this ;) > There's still a potential mess brewing for the HashAlgorithm codepoints 224 though 253 colliding with SignatureScheme values of 0xE000 - 0xFDFF, but it seems pretty unlikely that SignatureScheme allocations will reach that point before 1.2 and previous versions disappear. i may have been lazy when I just did 9-223. We could obviously remove this by marking 224-253 reserved for both the HashAlgorithm and SignatureAlgorithm registries. Note that there are also other unassigned values in 4-6 in SignatureAlgorithms and 7 in HashAlgorithm that should/could also be marked reserved. But, we can do that on the IANA draft in early April. spt
- [TLS] Adam Roach's Yes on draft-ietf-tls-tls13-26… Adam Roach
- Re: [TLS] Adam Roach's Yes on draft-ietf-tls-tls1… Eric Rescorla
- Re: [TLS] Adam Roach's Yes on draft-ietf-tls-tls1… Adam Roach
- Re: [TLS] Adam Roach's Yes on draft-ietf-tls-tls1… Sean Turner
- Re: [TLS] Adam Roach's Yes on draft-ietf-tls-tls1… Adam Roach
- Re: [TLS] Adam Roach's Yes on draft-ietf-tls-tls1… Sean Turner
- Re: [TLS] Adam Roach's Yes on draft-ietf-tls-tls1… Adam Roach
- Re: [TLS] Adam Roach's Yes on draft-ietf-tls-tls1… Sean Turner