Re: [TLS] PR#345: IANA Considerations

Andrei Popov <Andrei.Popov@microsoft.com> Tue, 17 November 2015 19:12 UTC

From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: IETF TLS <tls@ietf.org>
Date: Tue, 17 Nov 2015 19:11:46 +0000
Subject: Re: [TLS] PR#345: IANA Considerations
Message-ID: <BLUPR03MB13967E5ECD3CCC3F25BB479B8C1D0@BLUPR03MB1396.namprd03.prod.outlook.com>
In-Reply-To: <CABcZeBM_-NJ43dz=VnU3DZ3UVhcDKeRTVM5vOr+wPU2Ej6c6yA@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/Mx9bJ2nSXIdeoPbCvpUnR3S4W7c>

I personally favor the B-name you used at the meeting, but IANA might have a problem with it☺.

If the distinction is that certain code points are assigned to TLS features that are not IETF-reviewed or endorsed, for collision avoidance only, I think the marker name should specifically say so.

From: Eric Rescorla [mailto:ekr@rtfm.com]
Sent: Tuesday, November 17, 2015 11:01 AM
To: Andrei Popov <Andrei.Popov@microsoft.com>
Cc: Russ Housley <housley@vigilsec.com>; IETF TLS <tls@ietf.org>
Subject: Re: [TLS] PR#345: IANA Considerations

I would be fine with any name people want to use here :)

-Ekr

On Tue, Nov 17, 2015 at 10:56 AM, Andrei Popov <Andrei.Popov@microsoft.com> wrote:
This is a good intention. Can we then choose a stronger, more definitive term? E.g. “non-standard”, “vendor-specific”, “private”, “not IETF-reviewed” or something better.

I feel that “recommended” will change over time, and also that cipher suites and extensions “recommended” for TLS 1.3 are different than those “recommended” for TLS 1.2.

On the other hand, something we mark “non-standard” or “vendor-specific” is generally unlikely to move to the “standard” category.

From: Eric Rescorla [mailto:ekr@rtfm.com]
Sent: Tuesday, November 17, 2015 10:47 AM
To: Andrei Popov <Andrei.Popov@microsoft.com>
Cc: Russ Housley <housley@vigilsec.com>; IETF TLS <tls@ietf.org>

Subject: Re: [TLS] PR#345: IANA Considerations

Here is my understanding

- Recommended things are things which the IETF has reviewed and thinks are good.
- Not recommended things are things which the IETF has not reviewed and may be fine but may also be bad.

The intention is to break the binding between code point assignment and
endorsement.

-Ekr


On Tue, Nov 17, 2015 at 10:36 AM, Andrei Popov <Andrei.Popov@microsoft.com> wrote:
What is the intended use of the “Recommended” list? I.e. how is an implementer supposed to think about this marker?

Cheers,

Andrei

From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Russ Housley
Sent: Tuesday, November 17, 2015 10:01 AM
To: IETF TLS <tls@ietf.org>
Subject: Re: [TLS] PR#345: IANA Considerations

+1.  This seems like a reasonable way forward.

Russ


On Nov 17, 2015, at 12:51 PM, Eric Rescorla wrote:

There are presently four categories of cipher suites vis-a-vis TLS 1.3.

1. MUST or SHOULD cipher suites.
2. Standards track cipher suites (or ones we are making ST, like
    the ECC ones).
3. Non standards track cipher suites
4. Cipher suites you can't use at all with TLS 1.3, like AES-CBC.

I think we're all agreed that category #1 should be marked recommended
and that #3 and #4 should not be. This leaves us with category #2, which
includes stuff like:

- FFDHE
- CCM

My proposal is that we:

- List all the Standards Track cipher suites that are compatible with TLS 1.3 in Appendix A.
- Mark all the cipher suites that are listed in Appendix A as "Recommended"

-Ekr

On Tue, Nov 17, 2015 at 8:46 AM, Joe Salowey <jsalowey@tableau.com> wrote:
I think the TLS 1.3 IANA considerations should just deal with setting up the recommended column and marking it for the cipher suites/extensions that are described in the 1.3 document.  Other cipher suites/extensions can be marked as recommended through other documents.

On 11/17/15, 6:54 AM, "TLS on behalf of Sean Turner" <tls-bounces@ietf.org on behalf of sean@sn3rd.com> wrote:

>On Nov 17, 2015, at 16:40, Eric Rescorla <ekr@rtfm.com> wrote:
>>
>> > 1. The Cipher Suites "Recommended" column was populated based on
>> >     the Standards Track RFCs listed in the document (and I removed the
>> >     others).
>>
>> Isn’t it just the MTI suites listed in s8.1?
>>
>> Maybe I need to go check the minutes, but I thought it was the
>> Standards Track ones, not the MTI ones that we agreed on.
>> The difference here is largely the FFDHE cipher suites and CCM.
>
>From Jim’s notes in the etherpad:
>
>AOB
>SPT: Requests for additional ciphers from others.  Listing in A.4
>       Suggest thinning it down to the SHOULD/MUST list only.
>EKR: Need to encourage support for PSK variants
>EKR: Looking at the difference between the "good" list and the "safe" list and the "no opinion" list
>EKR: Sample case would be 448 - not a MUST/SHOULD but still think it is good.
>
>spt
>_______________________________________________
>TLS mailing list
>TLS@ietf.org
>https://www.ietf.org/mailman/listinfo/tls



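The "Recommended" semantics Ekr lays out above (Y means IETF-reviewed and thought good; N means not reviewed, which may be fine but may also be bad) is what an implementer's configuration check should encode: an N-flagged suite is something to surface for local review, not a ban. As an added example, not code from this thread or from any IETF or IANA project, the following Python parses a registry snapshot in the column layout of the IANA TLS Cipher Suites CSV export (Value, Description, DTLS-OK, Recommended, Reference; that layout is an assumption about the export, not something stated in the thread) and buckets a configured cipher list by what the column actually says. The registry rows, their Recommended flags and Reference values, and the configured suite names are constructed for illustration and are not the registry's real contents.

```python
"""Check a TLS cipher-suite configuration against an IANA-style
"Recommended" column.

Added example, not code from the thread or from any IETF/IANA project.
The registry rows are constructed to mirror the assumed column layout of
the IANA TLS Cipher Suites CSV; the Recommended and Reference values are
illustrative, not the registry's actual contents.
"""
import csv
import io

# Constructed snapshot. Names were chosen to cover the categories the
# thread discusses (MTI GCM suites, FFDHE, CCM, CBC, a private-use point);
# the flags are illustrative only.
REGISTRY_CSV = """\
Value,Description,DTLS-OK,Recommended,Reference
"0x13,0x01",TLS_AES_128_GCM_SHA256,Y,Y,[constructed]
"0x13,0x02",TLS_AES_256_GCM_SHA384,Y,Y,[constructed]
"0xC0,0x2F",TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,Y,Y,[constructed]
"0x00,0x9E",TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,Y,N,[constructed]
"0xC0,0xAC",TLS_ECDHE_ECDSA_WITH_AES_128_CCM,Y,N,[constructed]
"0x00,0x2F",TLS_RSA_WITH_AES_128_CBC_SHA,Y,N,[constructed]
"0xFF,0x01",TLS_EXAMPLE_VENDOR_SUITE,Y,N,[constructed]
"""


def load_registry(text):
    """Map suite name -> Recommended flag ('Y' or 'N') from CSV text."""
    reader = csv.DictReader(io.StringIO(text))
    return {row["Description"]: row["Recommended"].strip().upper()
            for row in reader}


def classify(configured, registry):
    """Bucket configured suites by what the Recommended column says.

    'Y'  : IETF-reviewed and considered good.
    'N'  : code point assigned without IETF review; may be fine, may be bad.
    None : not in the registry at all (typo, or never registered).
    'N' suites are reported, not silently dropped: the column is not a ban list.
    """
    buckets = {"recommended": [], "unreviewed": [], "unregistered": []}
    for name in configured:
        flag = registry.get(name)
        if flag == "Y":
            buckets["recommended"].append(name)
        elif flag is None:
            buckets["unregistered"].append(name)
        else:
            buckets["unreviewed"].append(name)
    return buckets


def verdict(buckets, allow_unreviewed=()):
    """Return (ok, problems).

    allow_unreviewed is a per-deployment allowlist of 'N'-flagged suites the
    operator has reviewed locally (for example one needed for interop with a
    specific vendor peer). Everything else flagged 'N', anything not in the
    registry, and a config with no Recommended suite at all are problems.
    """
    problems = [f"{s}: not Recommended and not locally allowlisted"
                for s in buckets["unreviewed"] if s not in allow_unreviewed]
    problems += [f"{s}: not found in registry" for s in buckets["unregistered"]]
    if not buckets["recommended"]:
        problems.append("no Recommended suite configured")
    return (not problems), problems


if __name__ == "__main__":
    registry = load_registry(REGISTRY_CSV)
    # Constructed configuration: one reviewed suite, one FFDHE suite the
    # operator has allowlisted, one CBC suite, and one typo.
    config = ["TLS_AES_128_GCM_SHA256",
              "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
              "TLS_RSA_WITH_AES_128_CBC_SHA",
              "TLS_NO_SUCH_SUITE"]
    ok, problems = verdict(classify(config, registry),
                           allow_unreviewed={"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"})
    print("OK" if ok else "ISSUES:")
    for p in problems:
        print(" -", p)
```

The three buckets are kept separate on purpose: a suite the registry has never heard of is a different finding from one the IETF chose not to review, and only the local allowlist, not the registry column, decides whether an N-flagged suite is acceptable for a given deployment.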