[TLS] Uplifting 5289

Eric Rescorla <ekr@rtfm.com> Thu, 16 March 2017 15:18 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 16 Mar 2017 08:17:27 -0700
Message-ID: <CABcZeBPb-bHAOKWDqszE1gbVPHH-3HsVSCjGzCdEQB37MyFz4Q@mail.gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ZYm72lgh9O5UAJhhV96K9aWYFrk>
Subject: [TLS] Uplifting 5289

Hi folks

I note that we are proposing to uplift RFC 5289 to PS, despite the fact that it
standardizes some CBC cipher suites, which the WG is looking to move away from.
I recognize that these are the only cipher suites you can use in TLS 1.0 and 1.1,
but we also want people to move away from them.

This problem is probably solvable by marking the registry as Not
Recommended, but I wondered if anyone had other thoughts on this topic?

-Ekr