Re: [TLS] TLS Provfiles (Was: Call for consensus to remove anonymous DH)

Peter Gutmann <pgut001@cs.auckland.ac.nz> Thu, 17 September 2015 03:27 UTC

Viktor Dukhovni <ietf-dane@dukhovni.org> writes:

>Explicit profiles make some sense.  They need not be defined by the TLS
>WG per se, it might be enough for the TLS specification to reference an
>IANA profile registry, with the TLS-WG defining a "base" profile.  Then
>other WGs (including the TLS WG) can define additional profiles.

That would be good, so the base spec could contain text like "This document 
describes every possible option that the protocol can support.  It is not 
expected that TLS applications implement every one of these options, since 
many will be inappropriate or unnecessary in many situations.  Profiles for 
specific situations like web browsing, secure tunnels, IoT, embedded 
devices, and SCADA use can be found at ...".

Peter.