IETF Logo Mail Archive

Re: [TLS] PR#345: IANA Considerations

Eric Rescorla <ekr@rtfm.com> Tue, 17 November 2015 19:01 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E99931B336E for <tls@ietfa.amsl.com>; Tue, 17 Nov 2015 11:01:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.712
X-Spam-Level:
X-Spam-Status: No, score=0.712 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YtIvayozKWPX for <tls@ietfa.amsl.com>; Tue, 17 Nov 2015 11:01:38 -0800 (PST)
Received: from mail-yk0-x233.google.com (mail-yk0-x233.google.com [IPv6:2607:f8b0:4002:c07::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8573D1B336A for <tls@ietf.org>; Tue, 17 Nov 2015 11:01:38 -0800 (PST)
Received: by ykfs79 with SMTP id s79so22994513ykf.1 for <tls@ietf.org>; Tue, 17 Nov 2015 11:01:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm_com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=ByEypSRQvwydWdqRyWxw2j7uUYgcO1GKD7NAjUuWR+A=; b=zRGI5NKvna6ilKw78LtjPMRf/liryJVlJkZJ1gwPp6Q8UAsMPIJR7eSUWvxXnfUt/r ZiXoTJRd2QhRZUjCsO9zH7UHjkV7FCVRzrHk1z3q1XPYnMKstehZ2t44ga/+KhomtL0y 7ONpx7U2ryaP/qXmgSDr0octbwhUcAt+10unBwg7P6L26BMR007qqfmXdRdhC4PUHYF+ M/7k+CtBvXAptsIcOnKYwXCu8kELd7XXW/UtVsO71ldaH3kJp1utAWK5/c13++Ckmml4 +7E72400a0oI8ygc7tWpgljj+/glXyPtYq4AvdqOiyg2ZDSYm1xAY9UERWS7vBAk+3Yh 9Ysg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=ByEypSRQvwydWdqRyWxw2j7uUYgcO1GKD7NAjUuWR+A=; b=ABsjqI2JDdHgffblkIipS7D3dXvbPMDF8A2v6Jip8bv2MtrfwxDz4AdZoTt/Y/A64p dIXi3zUhRu/zV5dGyEBcrXrI/UEz7ye5QPtnvj4eI4ULe9/3KU6Y9+YwrvyU6N0QkpnW qQdY8kGw7j0JuVbpHQAcMipHhXUKV2kWOk/1RTywqmO9EGYBZKbmY+8OLk16RzRGkDq0 5+/c8DGoqzeijzmP6euHKh0AbDiaW7240LvvklkXVh5OnuzmNW0Y/rPcQqmUb81HHD5F JtoaVRJTIxiKZtjHUkl73v1O/F6UGwcHAiCXVbWwr2+5CUaOpaT6pa6FHHegBsQRFs4E G/zA==
X-Gm-Message-State: ALoCoQnsMKhggVZK28x9seOOyUsfl2yijE433BnjNB5JvD8x5PpJ7HOUjCxpX7/kN8yBtNhnsrfi
X-Received: by 10.13.212.9 with SMTP id w9mr18189885ywd.192.1447786897721; Tue, 17 Nov 2015 11:01:37 -0800 (PST)
MIME-Version: 1.0
Received: by 10.13.221.203 with HTTP; Tue, 17 Nov 2015 11:00:58 -0800 (PST)
In-Reply-To: <BLUPR03MB13968C4501A35779922149C58C1D0@BLUPR03MB1396.namprd03.prod.outlook.com>
References: <CABcZeBNMkJSQAm0gFZdecG8Nf+df+heP2V_u9pXGJmb7jV4BcQ@mail.gmail.com> <CABcZeBOD71keb_yE4EumgkOxXfOCnsniLrhDa3tHzsioE2E2bw@mail.gmail.com> <EAA07156-6F05-488B-A3E5-175100989449@sn3rd.com> <CABcZeBMn4BcpYLgoqFb=PuW92jnfhEK8cw7nStZEyh9RDdN6XQ@mail.gmail.com> <A61BBA75-2594-4DF7-8EF6-887B2F001DA1@sn3rd.com> <7276DA5B-0563-4D70-A611-96A2E80CAECB@tableau.com> <CABcZeBMN3mL3KYjMEjBqeZ+33it5Oi4BvO8zdz-2aXcs479bTQ@mail.gmail.com> <F28A7D6B-31DD-436D-8A0C-9AE56AC32485@vigilsec.com> <BLUPR03MB139629A2B2EE9BCD591AA4BB8C1D0@BLUPR03MB1396.namprd03.prod.outlook.com> <CABcZeBPuUzggyebymm=f19V1vOvENHNqOtM+JB9q9zfy7-7QKA@mail.gmail.com> <BLUPR03MB13968C4501A35779922149C58C1D0@BLUPR03MB1396.namprd03.prod.outlook.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 17 Nov 2015 11:00:58 -0800
Message-ID: <CABcZeBM_-NJ43dz=VnU3DZ3UVhcDKeRTVM5vOr+wPU2Ej6c6yA@mail.gmail.com>
To: Andrei Popov <Andrei.Popov@microsoft.com>
Content-Type: multipart/alternative; boundary="001a114fa638bff0ca0524c127f4"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/8HkMG031uvysgE1o2o-dSbscsiE>
Cc: IETF TLS <tls@ietf.org>
Subject: Re: [TLS] PR#345: IANA Considerations
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Nov 2015 19:01:41 -0000

I would be fine with any name people want to use here :)

-Ekr

On Tue, Nov 17, 2015 at 10:56 AM, Andrei Popov <Andrei.Popov@microsoft.com>
wrote:

> This is a good intention. Can we then choose a stronger, more definitive
> term? E.g. “non-standard”, “vendor-specific”, “private”, “not
> IETF-reviewed” or something better.
>
>
>
> I feel that “recommended” will change over time, and also that cipher
> suites and extensions “recommended” for TLS1.3 are different than those
> “recommended” for TLS 1.2.
>
>
>
> On the other hand, something we mark “non-standard” or “vendor-specific”
> is generally unlikely to move to the “standard” category.
>
>
>
> *From:* Eric Rescorla [mailto:ekr@rtfm.com]
> *Sent:* Tuesday, November 17, 2015 10:47 AM
> *To:* Andrei Popov <Andrei.Popov@microsoft.com>
> *Cc:* Russ Housley <housley@vigilsec.com>; IETF TLS <tls@ietf.org>
>
> *Subject:* Re: [TLS] PR#345: IANA Considerations
>
>
>
> Here is my understanding
>
>
>
> - Recommended things are things which the IETF has reviewed and thinks are
> good.
>
> - Not recommended things are things which the IETF has not reviewed and
> may be fine but may also be bad.
>
>
>
> The intention is to break the binding between code point assignment and
>
> endorsement.
>
>
>
> -Ekr
>
>
>
>
>
> On Tue, Nov 17, 2015 at 10:36 AM, Andrei Popov <Andrei.Popov@microsoft.com>
> wrote:
>
> What is the intended use of the “Recommended” list? I.e. how is an
> implementer supposed to think about this marker?
>
>
>
> Cheers,
>
>
>
> Andrei
>
>
>
> *From:* TLS [mailto:tls-bounces@ietf.org] *On Behalf Of *Russ Housley
> *Sent:* Tuesday, November 17, 2015 10:01 AM
> *To:* IETF TLS <tls@ietf.org>
> *Subject:* Re: [TLS] PR#345: IANA Considerations
>
>
>
> +1.  This seems like a reasonable way forward.
>
>
>
> Russ
>
>
>
>
>
> On Nov 17, 2015, at 12:51 PM, Eric Rescorla wrote:
>
>
>
> There are presently four categories of cipher suites vis-a-vis TLS 1.3.
>
>
>
> 1. MUST or SHOULD cipher suites.
>
> 2. Standards track cipher suites (or ones we are making ST, like
>
>     the ECC ones).
>
> 3. Non standards track cipher suites
>
> 4. Cipher suites you can't use at all with TLS 1.3, like AES-CBC.
>
>
>
> I think we're all agreed that category #1 should be marked recommended
>
> and that #3 and #4 should not be. This leaves us with category #2, which
>
> includes stuff like:
>
>
>
> - FFDHE
>
> - CCM
>
>
>
> My proposal is that we:
>
>
>
> - List all the Standards Track cipher suites that are compatible with TLS
> 1.3 in Appendix A.
>
> - Mark all the cipher suites that are listed in Appendix A as "Recommended"
>
>
>
> -Ekr
>
>
>
>
>
>
>
>
>
>
>
>
>
> On Tue, Nov 17, 2015 at 8:46 AM, Joe Salowey <jsalowey@tableau.com> wrote:
>
> I think the TLS 1.3 IANA considerations should just deal with setting up
> the recommended column and marking it for the cipher suites/extensions that
> are described in the 1.3 document.  Other cipher suites/extensions  can be
> marked as recommended through other documents.
>
>
>
>
>
> On 11/17/15, 6:54 AM, "TLS on behalf of Sean Turner" <tls-bounces@ietf.org
> on behalf of sean@sn3rd.com> wrote:
>
> >On Nov 17, 2015, at 16:40, Eric Rescorla <ekr@rtfm.com> wrote:
> >>
> >> > 1. The Cipher Suites "Recommended" column was populated based on
> >> >     the Standards Track RFCs listed in the document (and I removed the
> >> >     others).
> >>
> >> Isn’t it just the MTI suites listed in s8.1?
> >>
> >> Maybe I need to go check the minutes, but I thought it was the
> >> Standards Track ones, not the MTI ones that we agreed on.
> >> The difference here is largely the FFDHE cipher suites and CCM.
> >
> >From Jim’s notes in the etherpad:
> >
> >AOB
> >SPT: Requests for additional ciphers from others.  Listing in A.4
> >       Suggest thinning it down to the SHOULD/MUST list only.
> >EKR: Need to encourage support for PSK variants
> >EKR: Looking at the difference between the "good" list and the "safe"
> list and the "no opinion" list
> >EKR: Sample case would be 448 - not a MUST/SHOULD but still think it is
> good.
> >
> >spt
>
> >_______________________________________________
> >TLS mailing list
> >TLS@ietf.org
> >https://www.ietf.org/mailman/listinfo/tls
> <https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2ftls&data=01%7c01%7cAndrei.Popov%40microsoft.com%7c93b5f706db184f0ff21a08d2ef7928e3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=psX1xULe1yb%2ffQibjLpvVTgFaltnGiMcqeo8S1Y91qE%3d>
>
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
> <https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2ftls&data=01%7c01%7cAndrei.Popov%40microsoft.com%7c93b5f706db184f0ff21a08d2ef7928e3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=psX1xULe1yb%2ffQibjLpvVTgFaltnGiMcqeo8S1Y91qE%3d>
>
>
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
> <https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2ftls&data=01%7c01%7cAndrei.Popov%40microsoft.com%7cad1ada64cabc48bab31408d2ef7f963f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=KiElWscMZZYI9wG4qHzvXyncIJJlM3P37WhU6L2mNB8%3d>
>
>
>

v2.23.0 | Report a Bug | By Email