Re: [TLS] EXTERNAL: Re: Authentication Only Ciphersuites RFC

Eric Rescorla <ekr@rtfm.com> Thu, 28 February 2019 13:40 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 28 Feb 2019 05:39:34 -0800
Message-ID: <CABcZeBOqvx0eaGDLuFSJy6f6voqO7b+Bj9keFvRAwW7MibUfDA@mail.gmail.com>
To: Jack Visoky <jmvisoky@ra.rockwell.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/KJRRQHaJvvkHMzSaGof5KSqQLOo>

Jack,

There's a bunch here to unpack.

First, the purpose of the current registry structure was to allow code
point registration without forcing the TLS WG to spend time on documents
that don't generally meet its goals. This seems like one such document.

WRT your points about the benefits of RFC status:

1. Having this approved through the IETF process vs. just ISE would be
beneficial to those wishing to adopt. Why would this be the case? The only
reason I can think of is that having it be an IETF document would imply
that the IETF thought it was OK. But this is the situation we are trying to
avoid with the Not Recommended label.
2. Having this go through the IETF process would get you community review.
Again, here, the idea with the new process is that we don't force the TLS
WG to do that work.

Obviously, individuals should feel free to review this document or not as
they please, but I'm not seeing any compelling reason why TLS-WG should
take it on.

-Ekr


On Wed, Feb 27, 2019 at 11:49 AM Jack Visoky <jmvisoky@ra.rockwell.com>
wrote:

> Hi Eric,
>
> Our goal is to have an RFC published as Informational and with the Not
> Recommended status.  We felt having this approved through the IETF process
> vs just ISE would be beneficial to those wishing to adopt, and getting
> community review is also helpful to us and those we represent.
>
> I suppose one question is whether or not we need this to be a WG item or
> if we can solicit independent shepherding from a chair or AD to get to the
> goal of an Information RFC with Not Recommended status.
>
> Also, I apologize if I’ve misunderstood or misstated anything, I’m new to
> the IETF processes so certainly could have made a mistake.
>
> Thanks,
>
> --Jack
>
> *From:* Eric Rescorla <ekr@rtfm.com>
> *Sent:* Tuesday, February 26, 2019 5:53 PM
> *To:* Jack Visoky <jmvisoky@ra.rockwell.com>
> *Cc:* tls@ietf.org
> *Subject:* EXTERNAL: Re: [TLS] Authentication Only Ciphersuites RFC
>
> On Tue, Feb 26, 2019 at 12:54 PM Jack Visoky <jmvisoky@ra.rockwell.com>
> wrote:
>
> TLS Colleagues,
>
> If you recall we discussed a draft for authentication only ciphersuites
> over email back in August of 2018.  We've since made some updates to that
> draft.  We also have gotten IANA assignments to the authentication only
> ciphersuites for TLS 1.3 and have updated the draft to reflect the new
> assignments.
>
> To that extent, as the IoT community is looking to adopt these
> ciphersuites, we would like to solicit review of the draft:
>
> https://tools.ietf.org/html/draft-camwinget-tls-ts13-macciphersuites-02
>
> and request that it be published as informational draft given that the IoT
> forums are looking to adopt its use and the draft can serve as the guide
> for use and interoperability.
>
> It seems to me that there are four somewhat distinct questions:
>
> 1. Code points
> 2. Document level (Info, Exp, PS, etc.)
> 3. Recommended status
> 4. WG status
>
> From my perspective, you have code points and you've asked for an
> Informational document, but that can only get you Not Recommended, so
> what's the value of having this be a WG document? Why can't you submit it
> to the ISE or alternately just have people reference the draft?
>
> -Ekr
>
> Thanks and Best Regards,
>
> --Jack (and Nancy)