Re: [TLS] Uplifting 5289

Sean Turner <sean@sn3rd.com> Thu, 16 March 2017 15:35 UTC

From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <CABcZeBPb-bHAOKWDqszE1gbVPHH-3HsVSCjGzCdEQB37MyFz4Q@mail.gmail.com>
Date: Thu, 16 Mar 2017 11:35:19 -0400
Cc: "tls@ietf.org" <tls@ietf.org>
Message-Id: <3ACF0F8C-2324-4605-AC5C-E5885715E2B9@sn3rd.com>
References: <CABcZeBPb-bHAOKWDqszE1gbVPHH-3HsVSCjGzCdEQB37MyFz4Q@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/BefYIDwD8j82u9cQXiiDL-fi5YA>
Subject: Re: [TLS] Uplifting 5289

ekr,

While we’re moving the entire document to PS, we’re also following it with https://datatracker.ietf.org/doc/draft-ietf-tls-iana-registry-updates/ that adds a “Recommended” column that is not (see s6) going to include marking “Y” for any of the CBC algorithms.  So, I think we’re okay.

spt

> On Mar 16, 2017, at 11:17, Eric Rescorla <ekr@rtfm.com> wrote:
> 
> Hi folks
> 
> I note that we are proposing to uplift RFC 5289 to PS, despite the fact that it
> standardizes some CBC cipher suites, which the WG is looking to move away
> from. I recognize that these are the only cipher suites you can use in TLS 1.0
> and 1.1, but we also want people to move away from them.
> 
> This problem is probably solvable by marking the registry as Not Recommended, but I wondered if anyone had other thoughts on this topic?
> 
> -Ekr
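One way a deployer can act on a registry “Recommended” column like the one the draft proposes, as an added example that is not part of this thread or of the IETF draft: a small Python audit that parses a registry excerpt laid out like the IANA “TLS Cipher Suites” CSV (Value, Description, DTLS-OK, Recommended, Reference) and flags configured suites that are CBC, not marked Y, or unknown. The excerpt below is constructed for the example; the suite names and codepoints are the RFC 5289 / RFC 5288 assignments, but the Recommended values are sample data and the live registry should be used in practice.

```python
"""Audit a configured TLS cipher-suite list against a registry with a Recommended column."""
import csv
import io
from dataclasses import dataclass

# Constructed excerpt in the shape of the IANA TLS Cipher Suites registry CSV.
# Names and codepoints are the real RFC 5289 / RFC 5288 assignments; the
# Recommended column is sample data for this example, not the live registry.
REGISTRY_CSV = '''Value,Description,DTLS-OK,Recommended,Reference
"0xC0,0x23",TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,Y,N,[RFC5289]
"0xC0,0x24",TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,Y,N,[RFC5289]
"0xC0,0x27",TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,Y,N,[RFC5289]
"0xC0,0x28",TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,Y,N,[RFC5289]
"0xC0,0x2B",TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,Y,Y,[RFC5289]
"0xC0,0x2C",TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,Y,Y,[RFC5289]
"0xC0,0x2F",TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,Y,Y,[RFC5289]
"0xC0,0x30",TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,Y,Y,[RFC5289]
"0x00,0x9C",TLS_RSA_WITH_AES_128_GCM_SHA256,Y,N,[RFC5288]
'''

# Constructed server configuration to audit; TLS_EXAMPLE_UNKNOWN_SUITE is a
# deliberately bogus name to show how an unregistered suite is reported.
CONFIGURED = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_EXAMPLE_UNKNOWN_SUITE",
]


@dataclass(frozen=True)
class Suite:
    value: str
    name: str
    dtls_ok: bool
    recommended: bool
    reference: str


def parse_registry(csv_text):
    """Parse registry CSV text into a dict keyed by the IANA suite name."""
    suites = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        suites[row["Description"]] = Suite(
            value=row["Value"],
            name=row["Description"],
            dtls_ok=row["DTLS-OK"].strip() == "Y",
            recommended=row["Recommended"].strip() == "Y",
            reference=row["Reference"],
        )
    return suites


def is_cbc(name):
    """CBC-mode suites carry the _CBC_ token in their IANA name."""
    return "_CBC_" in name


def audit(configured, registry):
    """Return one (name, verdict, reason) tuple per configured suite.

    Verdicts: 'ok' (Recommended=Y), 'replace' (CBC and not recommended),
    'review' (not recommended for another reason), 'unknown' (not in registry).
    """
    findings = []
    for name in configured:
        suite = registry.get(name)
        if suite is None:
            findings.append((name, "unknown", "not present in registry data"))
        elif not suite.recommended and is_cbc(name):
            findings.append((name, "replace", f"CBC suite, Recommended=N {suite.reference}"))
        elif not suite.recommended:
            findings.append((name, "review", f"Recommended=N {suite.reference}"))
        else:
            findings.append((name, "ok", f"Recommended=Y {suite.reference}"))
    return findings


def summarize(findings):
    """Count findings per verdict so a deployment can gate on the result."""
    counts = {"ok": 0, "replace": 0, "review": 0, "unknown": 0}
    for _, verdict, _ in findings:
        counts[verdict] += 1
    return counts


if __name__ == "__main__":
    results = audit(CONFIGURED, parse_registry(REGISTRY_CSV))
    for name, verdict, reason in results:
        print(f"{verdict:8} {name}: {reason}")
    print(summarize(results))
```

The audit treats “Recommended=N” as a prompt to review rather than an outright failure, which matches how the column is meant to be read: N does not mean broken, only that the WG has not endorsed the suite, while a CBC suite that is also N is the case this thread is about and is reported as one to replace.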