Re: [TLS] Reserve or close HashAlgorithm and SignatureAlgorithm registries?
Russ Housley <housley@vigilsec.com> Fri, 04 May 2018 20:24 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB1A312D947 for <tls@ietfa.amsl.com>; Fri, 4 May 2018 13:24:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EzjCEspiB9lC for <tls@ietfa.amsl.com>; Fri, 4 May 2018 13:24:32 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 883941200C1 for <tls@ietf.org>; Fri, 4 May 2018 13:24:32 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 6A8D3300A3A for <tls@ietf.org>; Fri, 4 May 2018 16:24:30 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 0FqSGyZ_iWZv for <tls@ietf.org>; Fri, 4 May 2018 16:24:29 -0400 (EDT)
Received: from a860b60074bd.home (pool-108-45-101-150.washdc.fios.verizon.net [108.45.101.150]) by mail.smeinc.net (Postfix) with ESMTPSA id 21C96300434; Fri, 4 May 2018 16:24:29 -0400 (EDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <079B8933-C079-4929-AB2C-93DBC5E8B8EA@sn3rd.com>
Date: Fri, 04 May 2018 16:24:29 -0400
Cc: IETF TLS <tls@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <25C01745-249F-40C9-89D4-A78D05A0BE4A@vigilsec.com>
References: <079B8933-C079-4929-AB2C-93DBC5E8B8EA@sn3rd.com>
To: Sean Turner <sean@sn3rd.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/OuYg5ObFpvhWlOUUUElzcsGjvro>
Subject: Re: [TLS] Reserve or close HashAlgorithm and SignatureAlgorithm registries?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 May 2018 20:24:35 -0000
I think that reserving them is the right thing for now. TLS 1.2 and earlier will take a while to disappear, so the ability to assign more values if there is a huge surprise seems prudent. Russ > On May 4, 2018, at 3:54 PM, Sean Turner <sean@sn3rd.com> wrote: > > The open issue in draft-ietf-tls-iana-registry-updates is whether we should close the registries or simply reserve the remaining values. I’ve submitted the following PR to simply reserve the values and point to the SignatureScheme registry for 1.3 values: > https://github.com/tlswg/draft-ietf-tls-iana-registry-updates/pull/75 > I did this because a) closing a registry is really just symbolic; a draft (or the IESG) can later reopen the registry, and b) At least person has indicated they might want code points for a TLS1.2 implementation. Regardless of what we do we should point to the SignatureScheme registry for 1.3, but I just don’t really see the point in “closing” the registry. If this PR makes you really sad please let us know. > > Please note that the gh editor’s copy also includes the IESG-related changes. I’d characterize most of them as good catches (e.g., cached_info was missing) and consistency (e.g., some of the DE language was not consistent). > > I’d also like to point out that IANA specifically asked about the DE doing such a minimal review and we let them know that yes in some cases it was going to be just that. But, this also made us consider adding the text that was in the security considerations and elsewhere to every DE-related note. It is clearer now what the DE will do in the notes in case people don’t want to take the time to review this draft, which is actually what I think happens in most cases. > > spt > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
- [TLS] Reserve or close HashAlgorithm and Signatur… Sean Turner
- Re: [TLS] Reserve or close HashAlgorithm and Sign… Russ Housley
- Re: [TLS] Reserve or close HashAlgorithm and Sign… Hubert Kario