IETF Logo Mail Archive

Re: [TLS] call for consensus: changes to IANA registry rules for cipher suites

"Dang, Quynh (Fed)" <quynh.dang@nist.gov> Wed, 06 April 2016 17:33 UTC

Return-Path: <quynh.dang@nist.gov>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1F0312D6F5 for <tls@ietfa.amsl.com>; Wed, 6 Apr 2016 10:33:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5C7w4A9kbMei for <tls@ietfa.amsl.com>; Wed, 6 Apr 2016 10:33:01 -0700 (PDT)
Received: from gcc01-CY1-obe.outbound.protection.outlook.com (mail-cy1gcc01on0116.outbound.protection.outlook.com [23.103.200.116]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C441A12D6D9 for <tls@ietf.org>; Wed, 6 Apr 2016 10:33:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=2um14h3x8w79IovS4pjkT++F6eBRfys9Wm9VsxD+/Qg=; b=oasAe/8h/GyuFSAyIlVvxcx8/LVZa4scSXCRB1R+f4YmtTE0whDU3qYlfAY+G2Q89VyYL3uJCrH1JlStVPy2xJ7D7FqYQNUJ92yU2B78umuqmKZwBs7HCFCMc2M2EXUl7wGWjhTQZQ/bBdfKQhx3YGScGVAnr2S35UD9wB//fBI=
Received: from BN1PR09MB124.namprd09.prod.outlook.com (10.255.200.27) by BN1PR09MB121.namprd09.prod.outlook.com (10.255.200.145) with Microsoft SMTP Server (TLS) id 15.1.447.15; Wed, 6 Apr 2016 17:32:59 +0000
Received: from BN1PR09MB124.namprd09.prod.outlook.com ([10.255.200.27]) by BN1PR09MB124.namprd09.prod.outlook.com ([10.255.200.27]) with mapi id 15.01.0447.028; Wed, 6 Apr 2016 17:32:59 +0000
From: "Dang, Quynh (Fed)" <quynh.dang@nist.gov>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, Sean Turner <sean@sn3rd.com>, "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: [TLS] call for consensus: changes to IANA registry rules for cipher suites
Thread-Index: AQHRi1Owi0D04/+DE0+p53p0UyUeQJ99PGoW
Date: Wed, 06 Apr 2016 17:32:58 +0000
Message-ID: <BN1PR09MB1248CD69E81D4BF9E09E53EF39F0@BN1PR09MB124.namprd09.prod.outlook.com>
References: <20DDE657-E1A9-4705-936D-40673294C4EB@sn3rd.com>, <56FD2A0A.1050607@gmx.net>
In-Reply-To: <56FD2A0A.1050607@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: gmx.net; dkim=none (message not signed) header.d=none;gmx.net; dmarc=none action=none header.from=nist.gov;
x-originating-ip: [2001:67c:370:160:c9ba:e21e:246:a4f2]
x-ms-office365-filtering-correlation-id: 6048529b-112c-4258-8ff4-08d35e417f49
x-microsoft-exchange-diagnostics: 1; BN1PR09MB121; 5:l7YTr2iBtHdvIYOOV0RdILXBB1iO3NyT6A2aqkHGmBVM4v7Lr19kC0fpu39hpK2/IjZG64nB4ixwYITcg2nocuLZ5Fl8UctF3EiBoTKkzrdaV0hHzmZL1zbCHJx2rav6uOIjoibTNkbu91P+c7uthQ==; 24:nz/Cwq0u5Secnp5dEPuY34W3wSVCVswIqGJC0o6+nQlfOpHgXdPkcMYb2wJp3fF103L7gIQ2gfC0dFHI4CCzqlQ4Jab6N11kY02Rwgs7auc=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BN1PR09MB121;
x-microsoft-antispam-prvs: <BN1PR09MB121329F7401B1B8E1FF5DDAF39F0@BN1PR09MB121.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(5005006)(8121501046)(10201501046)(3002001)(6055026); SRVR:BN1PR09MB121; BCL:0; PCL:0; RULEID:; SRVR:BN1PR09MB121;
x-forefront-prvs: 0904004ECB
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(24454002)(377454003)(1220700001)(87936001)(76176999)(1096002)(54356999)(2950100001)(10400500002)(5008740100001)(102836003)(2900100001)(586003)(189998001)(74316001)(107886002)(5001770100001)(5002640100001)(5004730100002)(50986999)(6116002)(15975445007)(5003600100002)(33656002)(106116001)(122556002)(77096005)(86362001)(99286002)(76576001)(81166005)(11100500001)(92566002)(3660700001)(164054004)(2906002)(19580405001)(3280700002)(19580395003)(3900700001)(3826002); DIR:OUT; SFP:1102; SCL:1; SRVR:BN1PR09MB121; H:BN1PR09MB124.namprd09.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Apr 2016 17:32:58.6253 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN1PR09MB121
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/OxAz8eStF5imeiRjVTt8Apb4cik>
Subject: Re: [TLS] call for consensus: changes to IANA registry rules for cipher suites
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Apr 2016 17:33:06 -0000

Hi Sean,

I would like to express my opinion again.

I think the first requirement is great and sufficient. 

I have great support, appreciation and respect for the open source communities. However, the second requirement means that an IETF consensus can have no values in theory and that sounds not right to me.

Regards,
Quynh. 

________________________________________
From: TLS <tls-bounces@ietf.org> on behalf of Hannes Tschofenig <hannes.tschofenig@gmx.net>
Sent: Thursday, March 31, 2016 9:45 AM
To: Sean Turner; <tls@ietf.org>
Subject: Re: [TLS] call for consensus: changes to IANA registry rules for cipher suites

Hi Sean,

What is the requirement for adding a spec to the list with the value
IETF Recommended = "Y" (or to change an entry from "Y" to "N")?

You mention two conditions:

 * IETF has consensus
 * Are reasonably expected to be supported by widely used
implementations such as open-source libraries

Of course, with all our work we expect them to be supported by widely
used implementations. The future is unpredicable and therefore not a
good item for making a judgement. I realy find document authors who have
less interest to get their stuff deployed.

Getting IETF consensus on specifications has turned to be easier than
most people expect and the IETF published RFCs that have not received a
lot of review. Large amount of review is not a pre-condition for consensus.

While your idea sounds good it suffers from practical issues. I am
worried that the process will not be too fair and may favor a certain
type of community.

Ciao
Hannes


On 03/30/2016 03:53 AM, Sean Turner wrote:
> Hi!
>
> In Yokohama, we discussed changing the IANA registry assignment rules for cipher suites to allow anyone with a stable, publicly available, peer reviewed reference document to request and get a code point and to add an “IETF Recommended” column to the registry.  This change is motivated by the large # of requests received for code points [0], the need to alter the incorrect perception that getting a code point somehow legitimizes the suite/algorithm, and to help implementers out.  We need to determine whether we have consensus on this plan, which follows:
>
> 1. The IANA registry rules for the TLS cipher suite registry [1] will be changed to specification required.
>
> 2. A new “IETF Recommended” column will be added with two values: “Y” or “N”.  Y and N have the following meaning:
>
>  Cipher suites marked with a “Y” the IETF has consensus on
>  and are reasonably expected to be supported by widely
>  used implementations such as open-source libraries.  The
>  IETF takes no position on the cipher suites marked with an
>  “N”.  Not IETF recommended does not necessarily (but can)
>  mean that the ciphers are not cryptographically sound (i.e.,
>  are bad).  Cipher suites can be recategorized from N to Y
>  (e.g., Curve448) and vice versa.
>
> 3. We will add a “Note" to the IANA registry itself (i.e., on [0]) that matches the above so that the same information is available to those who don’t read the IANA considerations section of the RFC.
>
> Please indicate whether or not you could support this plan.
>
> Thanks,
>
> J&S
>
> [0] In the last year, the chairs have received requests for:
>
> PSK: https://datatracker.ietf.org/doc/draft-mattsson-tls-ecdhe-psk-aead/
> AES-OCB: https://www.ietf.org/archive/id/draft-zauner-tls-aes-ocb-03.txt
> Kcipher2: https://datatracker.ietf.org/doc/draft-kiyomoto-kcipher2-tls/
> dragonfly: https://datatracker.ietf.org/doc/draft-ietf-tls-pwd/
> NTRU:  http://www.ietf.org/id/draft-whyte-qsh-tls12-01.txt
> JPAKE: not sure they got around to publishing a draft.
>
> [1] https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

v2.23.0 | Report a Bug | By Email