IETF Logo Mail Archive

Re: [TLS] PR#345: IANA Considerations

Dave Garrett <davemgarrett@gmail.com> Wed, 18 November 2015 04:30 UTC

Return-Path: <davemgarrett@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A75591AC439 for <tls@ietfa.amsl.com>; Tue, 17 Nov 2015 20:30:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cOMGeTu3huob for <tls@ietfa.amsl.com>; Tue, 17 Nov 2015 20:30:29 -0800 (PST)
Received: from mail-yk0-x233.google.com (mail-yk0-x233.google.com [IPv6:2607:f8b0:4002:c07::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2FC671AC434 for <tls@ietf.org>; Tue, 17 Nov 2015 20:30:29 -0800 (PST)
Received: by ykdv3 with SMTP id v3so44865408ykd.0 for <tls@ietf.org>; Tue, 17 Nov 2015 20:30:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:subject:date:user-agent:references:in-reply-to:mime-version :content-type:content-transfer-encoding:message-id; bh=L8/AdjkOqSfnVsczP+E0xgf9bsZXZMdf/aRarqf6Zv8=; b=LKjzfRCXL1mJOEk6mOU+yUe6GggUgQCpfrZu9yzqUehzGUzlUdFWnuf5sU1gt7MXIF r39ARwZY0jC1omz/5llfFzXXQ6AXyAbf9AwNSGP5uAPyaY8nlM4OY8SDs4mEg8YwRSqD EDZ1fqyYD1z2aNrUN40PAAeNGpCdDWHdZdJZnPw6Kh+EZFXqs/6q/2bfzK60o5pR5g49 EurvW7DUkGeV4JMHJfsXwOGeUI/OfssV2W8ntIV2C9uF4TCR1D/pqLORYbaEhHmgeoTz 70oWx9CYp5EgOpxTQCzDj9OdC51TTem7C+dl9b2Tolb3S83uMxZv0mJZMO2zAnQTB0xn G/3Q==
X-Received: by 10.129.157.70 with SMTP id u67mr5213754ywg.160.1447821028590; Tue, 17 Nov 2015 20:30:28 -0800 (PST)
Received: from dave-laptop.localnet (pool-72-94-152-197.phlapa.fios.verizon.net. [72.94.152.197]) by smtp.gmail.com with ESMTPSA id c5sm1233076ywf.12.2015.11.17.20.30.27 (version=TLS1 cipher=AES128-SHA bits=128/128); Tue, 17 Nov 2015 20:30:28 -0800 (PST)
From: Dave Garrett <davemgarrett@gmail.com>
To: tls@ietf.org, Ilari Liusvaara <ilariliusvaara@welho.com>, Viktor Dukhovni <ietf-dane@dukhovni.org>
Date: Tue, 17 Nov 2015 23:30:25 -0500
User-Agent: KMail/1.13.5 (Linux/2.6.32-74-generic-pae; KDE/4.4.5; i686; ; )
References: <CABcZeBNMkJSQAm0gFZdecG8Nf+df+heP2V_u9pXGJmb7jV4BcQ@mail.gmail.com> <20151117190651.GJ18315@mournblade.imrryr.org> <20151117191400.GA11869@LK-Perkele-V2.elisa-laajakaista.fi>
In-Reply-To: <20151117191400.GA11869@LK-Perkele-V2.elisa-laajakaista.fi>
MIME-Version: 1.0
Content-Type: Text/Plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <201511172330.26480.davemgarrett@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/RIRDKDXYIdc2M0f3Olobk7MC8zE>
Subject: Re: [TLS] PR#345: IANA Considerations
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Nov 2015 04:30:30 -0000

On Tuesday, November 17, 2015 02:14:00 pm Ilari Liusvaara wrote:
> All current registered/proposed ciphersuites that work in TLS 1.3 are
> *-GCM or *-POLY1305 ones (with DHE or ECDHE).

DHE AES CCM is still in the list, even after the changes in the current proposal. ECDHE AES CCM is not as it's not standards track. There's an argument that it should be promoted alongside ECDHE AES GCM, however we're not really recommending CCM so that's probably not desired (and I don't know if it has had enough use to be considered recommended).

There will likely also be AES OCB, at some point.

On Tuesday, November 17, 2015 02:17:05 pm Viktor Dukhovni wrote:
> I'm well aware of that, I'm just wondering whether the "Recommended"
> column should cover recommendations for TLS 1.2 as well TLS 1.3?

Yes. The following is in the backwards compatibility appendix in the current draft:

"If an implementation negotiates use of TLS 1.2, then negotiation of cipher suites also supported by TLS 1.3 SHOULD be preferred, if available."

At the end of the day, though, it's just a qualified "SHOULD". We're just talking recommendations. This isn't a diediedie RFC.


Dave

v2.23.0 | Report a Bug | By Email