[TLS] [Errata Rejected] RFC5246 (5409)

RFC Errata System <rfc-editor@rfc-editor.org> Sat, 14 July 2018 15:35 UTC

Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id EF4371310FE; Sat, 14 Jul 2018 08:35:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id e5xFvUfVzH16; Sat, 14 Jul 2018 08:35:51 -0700 (PDT)
Received: from rfc-editor.org (rfc-editor.org []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B7FC41310E8; Sat, 14 Jul 2018 08:35:51 -0700 (PDT)
Received: by rfc-editor.org (Postfix, from userid 30) id BAC4BB80EB9; Sat, 14 Jul 2018 08:35:48 -0700 (PDT)
To: eugene.adell@gmail.com, tim@dierks.org, ekr@rtfm.com
X-PHP-Originating-Script: 30:errata_mail_lib.php
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: kaduk@mit.edu, iesg@ietf.org, tls@ietf.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset=UTF-8
Message-Id: <20180714153548.BAC4BB80EB9@rfc-editor.org>
Date: Sat, 14 Jul 2018 08:35:48 -0700 (PDT)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/PKKK6ukQH1MDJEwXsBOpBC_UbeM>
Subject: [TLS] [Errata Rejected] RFC5246 (5409)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Jul 2018 15:36:01 -0000

The following errata report has been rejected for RFC5246,
"The Transport Layer Security (TLS) Protocol Version 1.2".

You may review the report below and at:

Status: Rejected
Type: Technical

Reported by: Eugene Adell <eugene.adell@gmail.com>
Date Reported: 2018-06-26
Rejected by: Benjamin Kaduk (IESG)

Section: Appendix A.5

Original Text
   Note: The cipher suite values { 0x00, 0x1C } and { 0x00, 0x1D } are
   reserved to avoid collision with Fortezza-based cipher suites in
   SSL 3.

Corrected Text
   Note: The cipher suite values { 0x00, 0x1C } and { 0x00, 0x1D } are
   reserved to avoid collision with Fortezza-based cipher suites in
   SSL 3. The cipher suite value { 0x00, 0x1E } firstly also assigned to
   Fortezza has been released and has since been be reassigned. 

RFC 2712 (Addition of Kerberos Cipher Suites to Transport Layer Security) in its Draft 01 version introduces three new cipher suites colliding with the three Fortezza ones. The Draft 02 version partially corrects that, by moving the Kerberos cipher suites values by two.
This omission of the third cipher suite has never been corrected, and this remains in the same state in the final RFC 2712, RFC 2246 and its successors including this one.

Changing the first Kerberos cipher suite value, or moving all of them, would now not make any sense. Enhancing the note as suggested is probably enough to mention how one Fortezza cipher suite disappeared.
   RFC 5246 is not the appropriate location to document this conflict.

RFC5246 (draft-ietf-tls-rfc4346-bis-10)
Title               : The Transport Layer Security (TLS) Protocol Version 1.2
Publication Date    : August 2008
Author(s)           : T. Dierks, E. Rescorla
Category            : PROPOSED STANDARD
Source              : Transport Layer Security
Area                : Security
Stream              : IETF
Verifying Party     : IESG