Re: [TLS] Should CCM_8 CSs be Recommended?

Joseph Salowey <joe@salowey.net> Wed, 04 October 2017 18:42 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/H4Hw2zv4aUMp0Znl8tzsM0o9_wU>

The current editor's copy of the draft has the following text about the
recommended column:

The instructions in this document add a recommended column to many of the
TLS registries to indicate parameters that are generally recommended for
implementations to support. Adding a recommended parameter to a registry or
updating a parameter to recommended status requires standards action. Not
all parameters defined in standards track documents need to be marked as
recommended.

If an item is marked as not recommended it does not necessarily mean that
it is flawed, rather, it indicates that either the item has not been
through the IETF consensus process or the item has limited applicability to
specific cases.

On Wed, Oct 4, 2017 at 4:58 AM, Salz, Rich <rsalz@akamai.com> wrote:

> ➢  We’re recommending that these five suites be dropped from the
> recommended list.  Please let us know what you think.
>
>
> Does “recommended” mean for general use, in the public Internet?  Or is it
> “I know it when I see it” kind of thing?
>
> Either way, I support un-recommending them