[TLS] question for the WG about draft-ietf-tls-iana-registry-updates

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 21 November 2017 20:38 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id D38E3124B18 for <tls@ietfa.amsl.com>; Tue, 21 Nov 2017 12:38:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id 3byME21SjPdP for <tls@ietfa.amsl.com>; Tue, 21 Nov 2017 12:38:02 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9929C1204DA for <tls@ietf.org>; Tue, 21 Nov 2017 12:38:02 -0800 (PST)
Received: from localhost (localhost []) by mercury.scss.tcd.ie (Postfix) with ESMTP id 77346BE56 for <tls@ietf.org>; Tue, 21 Nov 2017 20:38:00 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([]) by localhost (mercury.scss.tcd.ie []) (amavisd-new, port 10024) with ESMTP id c2rZfpGmzlqX for <tls@ietf.org>; Tue, 21 Nov 2017 20:37:58 +0000 (GMT)
Received: from [] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net []) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id C6140BE53 for <tls@ietf.org>; Tue, 21 Nov 2017 20:37:58 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1511296678; bh=Ap1TvdrDmAotZwipuunQOxCQKZzqujySt61EngwoG1I=; h=To:From:Subject:Date:From; b=RhgPJYqzIfSE3CuTDK7VvufPu7YMFb1KL8IjTiilzFzuZjBEhwtJrkZZIsrX60eQv /Oht4FtiQ8wVFZFbl9s3aoTYIp20+oKDImNt4Xa/NdWF3ytlSmlAthjdGVcnvBH5Dm aote1jbmlJqAra56fA50O6lN6L4dMNSgGsyMl/aw=
To: "tls@ietf.org" <tls@ietf.org>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <0b536834-e49b-4c07-fc19-4d44c7e0ad99@cs.tcd.ie>
Date: Tue, 21 Nov 2017 20:37:58 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="24QlptuUESX9WTNf1SGm5cAvWFP6Hn7sm"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/EG-_gdJC11G4SOCjIrL1ii16CT4>
Subject: [TLS] question for the WG about draft-ietf-tls-iana-registry-updates
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Nov 2017 20:38:05 -0000


I just posted a draft shepherd write-up for this [1]. (The
write-up text was mostly written by Sean as it happens - for
which he has my thanks as it's boring as hell to do that:-)

There are nits but only one substantive question that I don't
recall the WG discussing before (but maybe I'm forgetting).

What is needed to change from Recommended == Yes down to
Recommended == No? Does that need a standards action (e.g.
with an RFC) or just IETF review or even maybe just IESG

In the current draft write-up I've put in the first as a
placeholder, as that's symmetric with the No->Yes change but
I think IESG action is probably ok if the WG wanted that as
the IESG probably won't go crazy and will likely do as the
WG want in such cases. If the WG do want to write a specific
foo-no-longer-recommended RFC it can do that in all cases,
and of course Yes->No transitions could be documented in an
RFC that documents a "replacement" Yes entry.

So, unless this was already discussed....answers on a postcard
please - which'd we like:

(1) say nothing (as in -02 draft)
(2) say standards action is required for a Yes->No transition
(3) say IETF review (i.e. an IETF last call) is required for a
    Yes->No transition
(4) say IESG action is required for a Yes->No transition
(5) something else

And as a reminder the Recommended column is not about crypto
quality but is about things for which we have consensus that
they ought be widely implemented and available at the current
point in time. Those are related things but Recommended == No
does not imply crap-crypto even if crap-crypto will hopefully
imply Recommended == No.

If nobody says anything I'll chat with Kathleen, Sean and Joe
and we'll pick a thing and that'll doubtless be quibbled about
during directorate reviews and IESG processing as these things
always are;-)

But since I'd hope implementers will care about keeping up to
date with the set of Recommended == Yes things, I do hope that
folks are willing to express a preference here.