Re: [TLS] PR#345: IANA Considerations

Russ Housley <housley@vigilsec.com> Tue, 17 November 2015 18:01 UTC

From: Russ Housley <housley@vigilsec.com>
Mime-Version: 1.0 (Apple Message framework v1085)
Content-Type: multipart/alternative; boundary="Apple-Mail-114--822844187"
Date: Tue, 17 Nov 2015 13:01:14 -0500
In-Reply-To: <CABcZeBMN3mL3KYjMEjBqeZ+33it5Oi4BvO8zdz-2aXcs479bTQ@mail.gmail.com>
To: IETF TLS <tls@ietf.org>
References: <CABcZeBNMkJSQAm0gFZdecG8Nf+df+heP2V_u9pXGJmb7jV4BcQ@mail.gmail.com> <CABcZeBOD71keb_yE4EumgkOxXfOCnsniLrhDa3tHzsioE2E2bw@mail.gmail.com> <EAA07156-6F05-488B-A3E5-175100989449@sn3rd.com> <CABcZeBMn4BcpYLgoqFb=PuW92jnfhEK8cw7nStZEyh9RDdN6XQ@mail.gmail.com> <A61BBA75-2594-4DF7-8EF6-887B2F001DA1@sn3rd.com> <7276DA5B-0563-4D70-A611-96A2E80CAECB@tableau.com> <CABcZeBMN3mL3KYjMEjBqeZ+33it5Oi4BvO8zdz-2aXcs479bTQ@mail.gmail.com>
Message-Id: <F28A7D6B-31DD-436D-8A0C-9AE56AC32485@vigilsec.com>
X-Mailer: Apple Mail (2.1085)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/LvP-mXT9zFbKs0OmqmAsUw_w3FU>
Subject: Re: [TLS] PR#345: IANA Considerations

+1.  This seems like a reasonable way forward.

Russ


On Nov 17, 2015, at 12:51 PM, Eric Rescorla wrote:

> There are presently four categories of cipher suites vis-a-vis TLS 1.3.
> 
> 1. MUST or SHOULD cipher suites.
> 2. Standards track cipher suites (or ones we are making ST, like
>     the ECC ones).
> 3. Non standards track cipher suites
> 4. Cipher suites you can't use at all with TLS 1.3, like AES-CBC.
> 
> I think we're all agreed that category #1 should be marked recommended
> and that #3 and #4 should not be. This leaves us with category #2, which
> includes stuff like:
> 
> - FFDHE
> - CCM
> 
> My proposal is that we:
> 
> - List all the Standards Track cipher suites that are compatible with TLS 1.3 in Appendix A.
> - Mark all the cipher suites that are listed in Appendix A as "Recommended"
> 
> -Ekr
> 
> On Tue, Nov 17, 2015 at 8:46 AM, Joe Salowey <jsalowey@tableau.com> wrote:
> I think the TLS 1.3 IANA considerations should just deal with setting up the recommended column and marking it for the cipher suites/extensions that are described in the 1.3 document.  Other cipher suites/extensions  can be marked as recommended through other documents.
> 
> On 11/17/15, 6:54 AM, "TLS on behalf of Sean Turner" <tls-bounces@ietf.org on behalf of sean@sn3rd.com> wrote:
> 
> >On Nov 17, 2015, at 16:40, Eric Rescorla <ekr@rtfm.com> wrote:
> >>
> >> > 1. The Cipher Suites "Recommended" column was populated based on
> >> >     the Standards Track RFCs listed in the document (and I removed the
> >> >     others).
> >>
> >> Isn’t it just the MTI suites listed in s8.1?
> >>
> >> Maybe I need to go check the minutes, but I thought it was the
> >> Standards Track ones, not the MTI ones that we agreed on.
> >> The difference here is largely the FFDHE cipher suites and CCM.
> >
> >From Jim’s notes in the etherpad:
> >
> >AOB
> >SPT: Requests for additional ciphers from others.  Listing in A.4
> >       Suggest thinning it down to the SHOULD/MUST list only.
> >EKR: Need to encourage support for PSK variants
> >EKR: Looking at the difference between the "good" list and the "safe" list and the "no opinion" list
> >EKR: Sample case would be 448 - not a MUST/SHOULD but still think it is good.
> >
> >spt
> >_______________________________________________
> >TLS mailing list
> >TLS@ietf.org
> >https://www.ietf.org/mailman/listinfo/tls