Re: [TLS] PR#345: IANA Considerations
Eric Rescorla <ekr@rtfm.com> Tue, 17 November 2015 19:01 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E99931B336E for <tls@ietfa.amsl.com>; Tue, 17 Nov 2015 11:01:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.712
X-Spam-Level:
X-Spam-Status: No, score=0.712 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YtIvayozKWPX for <tls@ietfa.amsl.com>; Tue, 17 Nov 2015 11:01:38 -0800 (PST)
Received: from mail-yk0-x233.google.com (mail-yk0-x233.google.com [IPv6:2607:f8b0:4002:c07::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8573D1B336A for <tls@ietf.org>; Tue, 17 Nov 2015 11:01:38 -0800 (PST)
Received: by ykfs79 with SMTP id s79so22994513ykf.1 for <tls@ietf.org>; Tue, 17 Nov 2015 11:01:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm_com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=ByEypSRQvwydWdqRyWxw2j7uUYgcO1GKD7NAjUuWR+A=; b=zRGI5NKvna6ilKw78LtjPMRf/liryJVlJkZJ1gwPp6Q8UAsMPIJR7eSUWvxXnfUt/r ZiXoTJRd2QhRZUjCsO9zH7UHjkV7FCVRzrHk1z3q1XPYnMKstehZ2t44ga/+KhomtL0y 7ONpx7U2ryaP/qXmgSDr0octbwhUcAt+10unBwg7P6L26BMR007qqfmXdRdhC4PUHYF+ M/7k+CtBvXAptsIcOnKYwXCu8kELd7XXW/UtVsO71ldaH3kJp1utAWK5/c13++Ckmml4 +7E72400a0oI8ygc7tWpgljj+/glXyPtYq4AvdqOiyg2ZDSYm1xAY9UERWS7vBAk+3Yh 9Ysg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=ByEypSRQvwydWdqRyWxw2j7uUYgcO1GKD7NAjUuWR+A=; b=ABsjqI2JDdHgffblkIipS7D3dXvbPMDF8A2v6Jip8bv2MtrfwxDz4AdZoTt/Y/A64p dIXi3zUhRu/zV5dGyEBcrXrI/UEz7ye5QPtnvj4eI4ULe9/3KU6Y9+YwrvyU6N0QkpnW qQdY8kGw7j0JuVbpHQAcMipHhXUKV2kWOk/1RTywqmO9EGYBZKbmY+8OLk16RzRGkDq0 5+/c8DGoqzeijzmP6euHKh0AbDiaW7240LvvklkXVh5OnuzmNW0Y/rPcQqmUb81HHD5F JtoaVRJTIxiKZtjHUkl73v1O/F6UGwcHAiCXVbWwr2+5CUaOpaT6pa6FHHegBsQRFs4E G/zA==
X-Gm-Message-State: ALoCoQnsMKhggVZK28x9seOOyUsfl2yijE433BnjNB5JvD8x5PpJ7HOUjCxpX7/kN8yBtNhnsrfi
X-Received: by 10.13.212.9 with SMTP id w9mr18189885ywd.192.1447786897721; Tue, 17 Nov 2015 11:01:37 -0800 (PST)
MIME-Version: 1.0
Received: by 10.13.221.203 with HTTP; Tue, 17 Nov 2015 11:00:58 -0800 (PST)
In-Reply-To: <BLUPR03MB13968C4501A35779922149C58C1D0@BLUPR03MB1396.namprd03.prod.outlook.com>
References: <CABcZeBNMkJSQAm0gFZdecG8Nf+df+heP2V_u9pXGJmb7jV4BcQ@mail.gmail.com> <CABcZeBOD71keb_yE4EumgkOxXfOCnsniLrhDa3tHzsioE2E2bw@mail.gmail.com> <EAA07156-6F05-488B-A3E5-175100989449@sn3rd.com> <CABcZeBMn4BcpYLgoqFb=PuW92jnfhEK8cw7nStZEyh9RDdN6XQ@mail.gmail.com> <A61BBA75-2594-4DF7-8EF6-887B2F001DA1@sn3rd.com> <7276DA5B-0563-4D70-A611-96A2E80CAECB@tableau.com> <CABcZeBMN3mL3KYjMEjBqeZ+33it5Oi4BvO8zdz-2aXcs479bTQ@mail.gmail.com> <F28A7D6B-31DD-436D-8A0C-9AE56AC32485@vigilsec.com> <BLUPR03MB139629A2B2EE9BCD591AA4BB8C1D0@BLUPR03MB1396.namprd03.prod.outlook.com> <CABcZeBPuUzggyebymm=f19V1vOvENHNqOtM+JB9q9zfy7-7QKA@mail.gmail.com> <BLUPR03MB13968C4501A35779922149C58C1D0@BLUPR03MB1396.namprd03.prod.outlook.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 17 Nov 2015 11:00:58 -0800
Message-ID: <CABcZeBM_-NJ43dz=VnU3DZ3UVhcDKeRTVM5vOr+wPU2Ej6c6yA@mail.gmail.com>
To: Andrei Popov <Andrei.Popov@microsoft.com>
Content-Type: multipart/alternative; boundary="001a114fa638bff0ca0524c127f4"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/8HkMG031uvysgE1o2o-dSbscsiE>
Cc: IETF TLS <tls@ietf.org>
Subject: Re: [TLS] PR#345: IANA Considerations
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Nov 2015 19:01:41 -0000
I would be fine with any name people want to use here :) -Ekr On Tue, Nov 17, 2015 at 10:56 AM, Andrei Popov <Andrei.Popov@microsoft.com> wrote: > This is a good intention. Can we then choose a stronger, more definitive > term? E.g. “non-standard”, “vendor-specific”, “private”, “not > IETF-reviewed” or something better. > > > > I feel that “recommended” will change over time, and also that cipher > suites and extensions “recommended” for TLS1.3 are different than those > “recommended” for TLS 1.2. > > > > On the other hand, something we mark “non-standard” or “vendor-specific” > is generally unlikely to move to the “standard” category. > > > > *From:* Eric Rescorla [mailto:ekr@rtfm.com] > *Sent:* Tuesday, November 17, 2015 10:47 AM > *To:* Andrei Popov <Andrei.Popov@microsoft.com> > *Cc:* Russ Housley <housley@vigilsec.com>; IETF TLS <tls@ietf.org> > > *Subject:* Re: [TLS] PR#345: IANA Considerations > > > > Here is my understanding > > > > - Recommended things are things which the IETF has reviewed and thinks are > good. > > - Not recommended things are things which the IETF has not reviewed and > may be fine but may also be bad. > > > > The intention is to break the binding between code point assignment and > > endorsement. > > > > -Ekr > > > > > > On Tue, Nov 17, 2015 at 10:36 AM, Andrei Popov <Andrei.Popov@microsoft.com> > wrote: > > What is the intended use of the “Recommended” list? I.e. how is an > implementer supposed to think about this marker? > > > > Cheers, > > > > Andrei > > > > *From:* TLS [mailto:tls-bounces@ietf.org] *On Behalf Of *Russ Housley > *Sent:* Tuesday, November 17, 2015 10:01 AM > *To:* IETF TLS <tls@ietf.org> > *Subject:* Re: [TLS] PR#345: IANA Considerations > > > > +1. This seems like a reasonable way forward. > > > > Russ > > > > > > On Nov 17, 2015, at 12:51 PM, Eric Rescorla wrote: > > > > There are presently four categories of cipher suites vis-a-vis TLS 1.3. > > > > 1. MUST or SHOULD cipher suites. > > 2. Standards track cipher suites (or ones we are making ST, like > > the ECC ones). > > 3. Non standards track cipher suites > > 4. Cipher suites you can't use at all with TLS 1.3, like AES-CBC. > > > > I think we're all agreed that category #1 should be marked recommended > > and that #3 and #4 should not be. This leaves us with category #2, which > > includes stuff like: > > > > - FFDHE > > - CCM > > > > My proposal is that we: > > > > - List all the Standards Track cipher suites that are compatible with TLS > 1.3 in Appendix A. > > - Mark all the cipher suites that are listed in Appendix A as "Recommended" > > > > -Ekr > > > > > > > > > > > > > > On Tue, Nov 17, 2015 at 8:46 AM, Joe Salowey <jsalowey@tableau.com> wrote: > > I think the TLS 1.3 IANA considerations should just deal with setting up > the recommended column and marking it for the cipher suites/extensions that > are described in the 1.3 document. Other cipher suites/extensions can be > marked as recommended through other documents. > > > > > > On 11/17/15, 6:54 AM, "TLS on behalf of Sean Turner" <tls-bounces@ietf.org > on behalf of sean@sn3rd.com> wrote: > > >On Nov 17, 2015, at 16:40, Eric Rescorla <ekr@rtfm.com> wrote: > >> > >> > 1. The Cipher Suites "Recommended" column was populated based on > >> > the Standards Track RFCs listed in the document (and I removed the > >> > others). > >> > >> Isn’t it just the MTI suites listed in s8.1? > >> > >> Maybe I need to go check the minutes, but I thought it was the > >> Standards Track ones, not the MTI ones that we agreed on. > >> The difference here is largely the FFDHE cipher suites and CCM. > > > >From Jim’s notes in the etherpad: > > > >AOB > >SPT: Requests for additional ciphers from others. Listing in A.4 > > Suggest thinning it down to the SHOULD/MUST list only. > >EKR: Need to encourage support for PSK variants > >EKR: Looking at the difference between the "good" list and the "safe" > list and the "no opinion" list > >EKR: Sample case would be 448 - not a MUST/SHOULD but still think it is > good. > > > >spt > > >_______________________________________________ > >TLS mailing list > >TLS@ietf.org > >https://www.ietf.org/mailman/listinfo/tls > <https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2ftls&data=01%7c01%7cAndrei.Popov%40microsoft.com%7c93b5f706db184f0ff21a08d2ef7928e3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=psX1xULe1yb%2ffQibjLpvVTgFaltnGiMcqeo8S1Y91qE%3d> > > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > <https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2ftls&data=01%7c01%7cAndrei.Popov%40microsoft.com%7c93b5f706db184f0ff21a08d2ef7928e3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=psX1xULe1yb%2ffQibjLpvVTgFaltnGiMcqeo8S1Y91qE%3d> > > > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > <https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2ftls&data=01%7c01%7cAndrei.Popov%40microsoft.com%7cad1ada64cabc48bab31408d2ef7f963f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=KiElWscMZZYI9wG4qHzvXyncIJJlM3P37WhU6L2mNB8%3d> > > >
- [TLS] PR#345: IANA Considerations Eric Rescorla
- Re: [TLS] PR#345: IANA Considerations Eric Rescorla
- Re: [TLS] PR#345: IANA Considerations Sean Turner
- Re: [TLS] PR#345: IANA Considerations Eric Rescorla
- Re: [TLS] PR#345: IANA Considerations Sean Turner
- Re: [TLS] PR#345: IANA Considerations Sean Turner
- Re: [TLS] PR#345: IANA Considerations Joe Salowey
- Re: [TLS] PR#345: IANA Considerations Eric Rescorla
- Re: [TLS] PR#345: IANA Considerations Benjamin Kaduk
- Re: [TLS] PR#345: IANA Considerations Russ Housley
- Re: [TLS] PR#345: IANA Considerations Andrei Popov
- Re: [TLS] PR#345: IANA Considerations Eric Rescorla
- Re: [TLS] PR#345: IANA Considerations Viktor Dukhovni
- Re: [TLS] PR#345: IANA Considerations Andrei Popov
- Re: [TLS] PR#345: IANA Considerations Eric Rescorla
- Re: [TLS] PR#345: IANA Considerations Andrei Popov
- Re: [TLS] PR#345: IANA Considerations Ilari Liusvaara
- Re: [TLS] PR#345: IANA Considerations Eric Rescorla
- Re: [TLS] PR#345: IANA Considerations Viktor Dukhovni
- Re: [TLS] PR#345: IANA Considerations Salz, Rich
- Re: [TLS] PR#345: IANA Considerations Dave Garrett
- Re: [TLS] PR#345: IANA Considerations Hubert Kario
- Re: [TLS] PR#345: IANA Considerations Eric Rescorla
- Re: [TLS] PR#345: IANA Considerations Martin Rex
- Re: [TLS] PR#345: IANA Considerations Eric Rescorla
- Re: [TLS] PR#345: IANA Considerations Joseph Salowey
- Re: [TLS] PR#345: IANA Considerations Eric Rescorla
- Re: [TLS] PR#345: IANA Considerations Joseph Salowey