[TLS] Re: Last Call: <draft-ietf-tls-rfc8447bis-11.txt> (IANA Registry Updates for TLS and DTLS) to Proposed Standard
Paul Hoffman <phoffman@proper.com> Tue, 18 March 2025 04:40 UTC
Return-Path: <phoffman@proper.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 073C9D7DBE7; Mon, 17 Mar 2025 21:40:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8LWMf9vICJYE; Mon, 17 Mar 2025 21:40:42 -0700 (PDT)
Received: from mail.proper.com (Opus1.Proper.COM [207.182.41.91]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 94994D7DBE2; Mon, 17 Mar 2025 21:40:42 -0700 (PDT)
Received: from [10.32.63.113] (rtr-guestwired.meeting.ietf.org [31.133.144.1]) (authenticated bits=0) by mail.proper.com (8.15.2/8.15.2) with ESMTPSA id 52I4eXVF090873 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 17 Mar 2025 21:40:36 -0700 (MST) (envelope-from phoffman@proper.com)
X-Authentication-Warning: mail.proper.com: Host rtr-guestwired.meeting.ietf.org [31.133.144.1] claimed to be [10.32.63.113]
From: Paul Hoffman <phoffman@proper.com>
To: Joseph Salowey <joe@salowey.net>
Date: Tue, 18 Mar 2025 11:40:27 +0700
X-Mailer: MailMate (2.0r6222)
Message-ID: <492866DC-4B28-441A-87D9-54E27A7B02E1@proper.com>
In-Reply-To: <CAOgPGoBg33o7N95PSue3KMwaOz=DcaP7tnNenX=WYQ_jitAyYw@mail.gmail.com>
References: <174184001345.838119.1665635750501653391@dt-datatracker-775fc5cbb8-824tp> <6BB43AEB-CF42-4FE2-998A-DB85B373D464@proper.com> <CAOgPGoBg33o7N95PSue3KMwaOz=DcaP7tnNenX=WYQ_jitAyYw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: 6UNNOJH74534QSC4C2YLAQB3NZSDKBMZ
X-Message-ID-Hash: 6UNNOJH74534QSC4C2YLAQB3NZSDKBMZ
X-MailFrom: phoffman@proper.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: last-call@ietf.org, draft-ietf-tls-rfc8447bis@ietf.org, paul.wouters@aiven.io, tls-chairs@ietf.org, tls@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: Last Call: <draft-ietf-tls-rfc8447bis-11.txt> (IANA Registry Updates for TLS and DTLS) to Proposed Standard
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/DaTDfBDTLSpwTtTQQZmqXVve0lw>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
On 17 Mar 2025, at 17:40, Joseph Salowey wrote: > The draft already contains the following guidance to address this point on > how to treat items marked as "D": > > "D: Indicates that the item is discouraged. This marking could be used to > identify mechanisms that might result in problems if they are used, such as > a weak cryptographic algorithm or a mechanism that might cause > interoperability problems in deployment. Implementers SHOULD consult the > linked references associated with the item to determine the conditions > under which it SHOULD NOT or MUST NOT be used." > > The behavior of TLS when it cannot arrive on an acceptable set of > parameters is defined in the TLS protocol specification. This does not address my comments: > On Fri, Mar 14, 2025 at 1:59 AM Paul Hoffman <phoffman@proper.com> wrote: > >> Greetings again. The contents of this draft are fine but definitely >> incomplete. The draft gives clear language about whether particular >> cryptographic components are recommended for use in TLS, but no guidance >> for implementations of what those implementations should do if given a >> discouraged code point. >> >> If a TLS server negotiates to a cryptographic component labelled "D". what >> SHOULD / MUST the client do? >> >> If a TLS client only offers D-level components, what SHOULD / MUST the >> server do? >> >> A program's configuration mechanism SHOULD NOT / MUST NOT allow specifying >> D-level components? >> >> This draft should either be expanded to say what TLS clients and servers >> and configuration SHOULD / MUST do with D-level components. If it is too >> difficult for the TLS WG to agree on specific actions, the draft should at >> least say that so that the reader knows what to do with these new ratings. >> Without such wording, the new "D" label becomes useless in practice, which >> is clearly bad for security and interoperability. The wording: > Implementers SHOULD consult the > linked references associated with the item to determine the conditions > under which it SHOULD NOT or MUST NOT be used. ...doesn't help software developers in many cases. Let's look at the first value in Section 4, truncated_hmac. The "linked reference" is Section 7 of RFC 6066. From the wording there, using truncated_hmac is just fine, even though draft-ietf-tls-rfc8447bis gives it a "D". So, again: This draft should either be expanded to say what TLS clients and servers and configuration SHOULD / MUST do with D-level components, or tell readers why it is not. Telling developers "go look at every doc that is liked from a D-level spec" is likely to cause them to not do so, and the result will be insecure implementations and lack of interoperability. --Paul Hoffman
- [TLS] Last Call: <draft-ietf-tls-rfc8447bis-11.tx… The IESG
- [TLS] Re: Last Call: <draft-ietf-tls-rfc8447bis-1… Paul Hoffman
- [TLS] Re: Last Call: <draft-ietf-tls-rfc8447bis-1… Joseph Salowey
- [TLS] Re: Last Call: <draft-ietf-tls-rfc8447bis-1… Paul Hoffman
- [TLS] Re: [Last-Call] Re: Last Call: <draft-ietf-… Salz, Rich
- [TLS] Re: [Last-Call] Last Call: <draft-ietf-tls-… Paul Hoffman
- [TLS] Re: [Last-Call] Re: Last Call: <draft-ietf-… Eric Rescorla