Re: [TLS] PR#345: IANA Considerations

Eric Rescorla <ekr@rtfm.com> Tue, 17 November 2015 18:47 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 17 Nov 2015 10:47:07 -0800
To: Andrei Popov <Andrei.Popov@microsoft.com>
Cc: IETF TLS <tls@ietf.org>
Subject: Re: [TLS] PR#345: IANA Considerations
Message-ID: <CABcZeBPuUzggyebymm=f19V1vOvENHNqOtM+JB9q9zfy7-7QKA@mail.gmail.com>
In-Reply-To: <BLUPR03MB139629A2B2EE9BCD591AA4BB8C1D0@BLUPR03MB1396.namprd03.prod.outlook.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/OVZXmNXLWVl7hF9AQjV_jP64ujc>

Here is my understanding:

- Recommended things are things which the IETF has reviewed and thinks are
good.
- Not recommended things are things which the IETF has not reviewed and may
be fine but may also be bad.

The intention is to break the binding between code point assignment and
endorsement.

-Ekr
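
A quick illustration of the split described above between "has a code point" and "is endorsed" (an added example, not part of this thread or of any IETF document): it parses a registry export in the layout of the IANA TLS Cipher Suites CSV (assumed column names Value, Description, DTLS-OK, Recommended, Reference) and sorts a configured cipher list into recommended, registered-but-not-recommended, and unknown. The registry rows and the configured list are constructed samples; in particular the Recommended flags are set for the demonstration and are not the registry's actual values.

```python
import csv
import io

# Constructed sample in the column layout of the IANA "TLS Cipher Suites"
# registry CSV export (assumed: Value,Description,DTLS-OK,Recommended,Reference).
# Suite names are real registry entries, but the Recommended flags here are
# chosen for the demonstration and are NOT a copy of the registry's values.
SAMPLE_REGISTRY_CSV = """Value,Description,DTLS-OK,Recommended,Reference
"0x00,0x00",TLS_NULL_WITH_NULL_NULL,Y,N,[RFC5246]
"0x00,0x2F",TLS_RSA_WITH_AES_128_CBC_SHA,Y,N,[RFC5246]
"0x00,0x9E",TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,Y,Y,[RFC5288]
"0xC0,0x2F",TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,Y,Y,[RFC5289]
"0xC0,0xAC",TLS_ECDHE_ECDSA_WITH_AES_128_CCM,Y,N,[RFC7251]
"0x13,0x01",TLS_AES_128_GCM_SHA256,Y,Y,[RFC8446]
"0x13,0x03",TLS_CHACHA20_POLY1305_SHA256,Y,Y,[RFC8446]
"0x13,0x05",TLS_AES_128_CCM_8_SHA256,Y,N,[RFC8446]
"0xFE,0xFE-FF",Reserved to avoid conflicts with widely deployed implementations,,,[RFC5246]
"""


def parse_registry(csv_text):
    """Parse a registry export into {suite_name: {"value", "recommended", "reference"}}.

    Rows whose Description is not a TLS_ suite name (Unassigned / Reserved
    ranges) are skipped. Only an explicit "Y" counts as recommended; "N", an
    empty cell, or any other marker (such as "D" for discouraged) does not.
    """
    table = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row["Description"].strip()
        if not name.startswith("TLS_"):
            continue
        table[name] = {
            "value": row["Value"].strip(),
            "recommended": row["Recommended"].strip().upper() == "Y",
            "reference": row["Reference"].strip(),
        }
    return table


def audit_cipher_list(configured, registry):
    """Split a configured cipher list into three buckets.

    "recommended": reviewed and endorsed (Recommended = Y);
    "not_recommended": has a code point but no endorsement;
    "unknown": no code point in the registry at all.
    """
    verdict = {"recommended": [], "not_recommended": [], "unknown": []}
    for name in configured:
        entry = registry.get(name)
        if entry is None:
            verdict["unknown"].append(name)
        elif entry["recommended"]:
            verdict["recommended"].append(name)
        else:
            verdict["not_recommended"].append(name)
    return verdict


# Constructed server cipher list to audit (not taken from any real deployment).
CONFIGURED_SUITES = [
    "TLS_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CCM",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_MADEUP_WITH_NOTHING",  # hypothetical name: not in the registry
]


def run_audit():
    """Parse the sample registry and audit the sample configuration."""
    registry = parse_registry(SAMPLE_REGISTRY_CSV)
    return audit_cipher_list(CONFIGURED_SUITES, registry)


if __name__ == "__main__":
    for bucket, names in run_audit().items():
        print(f"{bucket}:")
        for suite in names:
            print(f"  {suite}")
```

The point of the three buckets is the one made in the message: a suite in `not_recommended` is not necessarily broken, it simply has not been reviewed and endorsed, so a deployment policy can treat it differently from both the endorsed list and a name that has no code point at all.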


On Tue, Nov 17, 2015 at 10:36 AM, Andrei Popov <Andrei.Popov@microsoft.com>
wrote:

> What is the intended use of the “Recommended” list? I.e. how is an
> implementer supposed to think about this marker?
>
> Cheers,
>
> Andrei
>
> *From:* TLS [mailto:tls-bounces@ietf.org] *On Behalf Of *Russ Housley
> *Sent:* Tuesday, November 17, 2015 10:01 AM
> *To:* IETF TLS <tls@ietf.org>
> *Subject:* Re: [TLS] PR#345: IANA Considerations
>
> +1.  This seems like a reasonable way forward.
>
> Russ
>
> On Nov 17, 2015, at 12:51 PM, Eric Rescorla wrote:
>
> There are presently four categories of cipher suites vis-a-vis TLS 1.3.
>
> 1. MUST or SHOULD cipher suites.
> 2. Standards track cipher suites (or ones we are making ST, like
>    the ECC ones).
> 3. Non standards track cipher suites
> 4. Cipher suites you can't use at all with TLS 1.3, like AES-CBC.
>
> I think we're all agreed that category #1 should be marked recommended
> and that #3 and #4 should not be. This leaves us with category #2, which
> includes stuff like:
>
> - FFDHE
> - CCM
>
> My proposal is that we:
>
> - List all the Standards Track cipher suites that are compatible with TLS
> 1.3 in Appendix A.
> - Mark all the cipher suites that are listed in Appendix A as "Recommended"
>
> -Ekr
>
> On Tue, Nov 17, 2015 at 8:46 AM, Joe Salowey <jsalowey@tableau.com> wrote:
>
> I think the TLS 1.3 IANA considerations should just deal with setting up
> the recommended column and marking it for the cipher suites/extensions that
> are described in the 1.3 document.  Other cipher suites/extensions can be
> marked as recommended through other documents.
>
> On 11/17/15, 6:54 AM, "TLS on behalf of Sean Turner" <tls-bounces@ietf.org
> on behalf of sean@sn3rd.com> wrote:
>
> >On Nov 17, 2015, at 16:40, Eric Rescorla <ekr@rtfm.com> wrote:
> >>
> >> > 1. The Cipher Suites "Recommended" column was populated based on
> >> >     the Standards Track RFCs listed in the document (and I removed the
> >> >     others).
> >>
> >> Isn’t it just the MTI suites listed in s8.1?
> >>
> >> Maybe I need to go check the minutes, but I thought it was the
> >> Standards Track ones, not the MTI ones that we agreed on.
> >> The difference here is largely the FFDHE cipher suites and CCM.
> >
> >From Jim’s notes in the etherpad:
> >
> >AOB
> >SPT: Requests for additional ciphers from others.  Listing in A.4
> >       Suggest thinning it down to the SHOULD/MUST list only.
> >EKR: Need to encourage support for PSK variants
> >EKR: Looking at the difference between the "good" list and the "safe"
> list and the "no opinion" list
> >EKR: Sample case would be 448 - not a MUST/SHOULD but still think it is
> good.
> >
> >spt
>
> >_______________________________________________
> >TLS mailing list
> >TLS@ietf.org
> >https://www.ietf.org/mailman/listinfo/tls