IETF Logo Mail Archive

Re: [TLS] call for consensus: changes to IANA registry rules for cipher suites

Yoav Nir <ynir.ietf@gmail.com> Wed, 30 March 2016 05:29 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3233212D1BE for <tls@ietfa.amsl.com>; Tue, 29 Mar 2016 22:29:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rMweP9Ibkwjh for <tls@ietfa.amsl.com>; Tue, 29 Mar 2016 22:29:47 -0700 (PDT)
Received: from mail-wm0-x22d.google.com (mail-wm0-x22d.google.com [IPv6:2a00:1450:400c:c09::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 102BE12D0AE for <tls@ietf.org>; Tue, 29 Mar 2016 22:29:47 -0700 (PDT)
Received: by mail-wm0-x22d.google.com with SMTP id p65so166732113wmp.1 for <tls@ietf.org>; Tue, 29 Mar 2016 22:29:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=DhdkD0m4CT18jWDPNXab5yQZlba4O7DSB0gF5Bq8948=; b=WsFd4P7jmilHQfjwWoYN4Es/m8P6QlmRSZU4NBjoKOANt/TMh18P5n8yhnawlkFdN0 bL09pvKKr0aS0PzqrxeSfcr9n8DgwC7JxOf9nUj/vsrjQhM0YZWBGOb7/2DrWgMrkHBN RhPtT3FqfyqqgAyeygEOHVKc+72iAx1pluZ+OM+a3Fu/J0HPi6iJkN+gSo5p+LutFHsH mdvWsQVdmKAs48KOFIhhe1Yov1mhf/PCHIO5rp+UilEEScCxuf5Vq1G5QW2zFLYBEQeP pf35cEIzR27fjMWCYuVS/Bcu8BC07GB9wfITrOG24cIKLZ+cSfSsqG8aBNYI+LDMHvx9 R+mA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=DhdkD0m4CT18jWDPNXab5yQZlba4O7DSB0gF5Bq8948=; b=EwwTjico7EtcYmc9ZIWumwfVfcDhIEvuUwnbq13RmnvqFY9SK5F6NZXduF1z+UfCLk lxoqlYWAJpzc5A/U0MpV2bXzduB1Zi8icflJGwq4ACAUyQEvzQ/N+51CUmq+CcopEGkD IhI6YWr0mWwE2zoqkpHf8ka2UuueC42PVVWISB4QyrbS1LSbUtd5x/duyl7eocwMDv6X E8UWBJ5WEgAtvO16nfn/RRnBWgfQk5lg8PK7KtJdrFImuZ1VztNkBEkVofRyCSDPWrJZ x3AQrY2hbFiF192tLQISFTVUssN5WBDXy1RTuLVT/TOaXqYDq36j5y1Viz0noFsGnN5M ShcQ==
X-Gm-Message-State: AD7BkJLksInTI1qCprC5xt9TGjD9J9itlp/XV+WjYQ2y/5itNvx0ISrpzcSeK770SQVSyQ==
X-Received: by 10.28.145.196 with SMTP id t187mr7308927wmd.81.1459315785590; Tue, 29 Mar 2016 22:29:45 -0700 (PDT)
Received: from [192.168.137.59] ([109.253.199.81]) by smtp.gmail.com with ESMTPSA id da6sm1969162wjb.24.2016.03.29.22.29.44 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 29 Mar 2016 22:29:45 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <20DDE657-E1A9-4705-936D-40673294C4EB@sn3rd.com>
Date: Wed, 30 Mar 2016 08:29:42 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <3F32A6CE-DE7F-4230-8077-AE2CC1161235@gmail.com>
References: <20DDE657-E1A9-4705-936D-40673294C4EB@sn3rd.com>
To: Sean Turner <sean@sn3rd.com>
X-Mailer: Apple Mail (2.3124)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/OUUNSpD1BIVSVfRRjPst0y6L7JI>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] call for consensus: changes to IANA registry rules for cipher suites
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Mar 2016 05:29:50 -0000

Hi Sean

I also strongly support this.  I’m just wondering how we plan to enforce the "stable, publicly available, peer reviewed reference” part. As your examples below show, the reference tends to be an I-D. That’s stable and publicly available, but we have no idea if it’s peer reviewed or who the author’s peers are.

One other thing, in some of the links you pasted below you give a specific draft version (like https://www.ietf.org/archive/id/draft-zauner-tls-aes-ocb-03.txt) while for the others you give the generic version (like https://datatracker.ietf.org/doc/draft-ietf-tls-pwd/). The former is stable but the latter is not. Are the authors free to keep modifying the specification after getting the code point?

Yoav

> On 30 Mar 2016, at 4:53 AM, Sean Turner <sean@sn3rd.com> wrote:
> 
> Hi!
> 
> In Yokohama, we discussed changing the IANA registry assignment rules for cipher suites to allow anyone with a stable, publicly available, peer reviewed reference document to request and get a code point and to add an “IETF Recommended” column to the registry.  This change is motivated by the large # of requests received for code points [0], the need to alter the incorrect perception that getting a code point somehow legitimizes the suite/algorithm, and to help implementers out.  We need to determine whether we have consensus on this plan, which follows:
> 
> 1. The IANA registry rules for the TLS cipher suite registry [1] will be changed to specification required.
> 
> 2. A new “IETF Recommended” column will be added with two values: “Y” or “N”.  Y and N have the following meaning:
> 
> Cipher suites marked with a “Y” the IETF has consensus on
> and are reasonably expected to be supported by widely
> used implementations such as open-source libraries.  The
> IETF takes no position on the cipher suites marked with an
> “N”.  Not IETF recommended does not necessarily (but can)
> mean that the ciphers are not cryptographically sound (i.e.,
> are bad).  Cipher suites can be recategorized from N to Y
> (e.g., Curve448) and vice versa.
> 
> 3. We will add a “Note" to the IANA registry itself (i.e., on [0]) that matches the above so that the same information is available to those who don’t read the IANA considerations section of the RFC.
> 
> Please indicate whether or not you could support this plan.
> 
> Thanks,
> 
> J&S
> 
> [0] In the last year, the chairs have received requests for:
> 
> PSK: https://datatracker.ietf.org/doc/draft-mattsson-tls-ecdhe-psk-aead/
> AES-OCB: https://www.ietf.org/archive/id/draft-zauner-tls-aes-ocb-03.txt
> Kcipher2: https://datatracker.ietf.org/doc/draft-kiyomoto-kcipher2-tls/
> dragonfly: https://datatracker.ietf.org/doc/draft-ietf-tls-pwd/
> NTRU:  http://www.ietf.org/id/draft-whyte-qsh-tls12-01.txt
> JPAKE: not sure they got around to publishing a draft.
> 
> [1] https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4
> 
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email