Re: [TLS] Definition of cipher suites for TLS 1.2 still possible?

Kyle Rose <krose@krose.org> Tue, 02 May 2017 15:28 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/a3uMIKzTbibErQ-oKxHeVEuF0zo>

On Tue, May 2, 2017 at 10:24 AM, Salz, Rich <rsalz@akamai.com> wrote:

> > it may be a naïve question, but is it still possible to define and
> > standardize new cipher suites for TLS 1.2 as an RFC, when TLS 1.3 is almost
> > finished?
>
> Yes it is.  It might be "informational" not "standards-track" but it's
> certainly possible/allowed/etc.
>

Whether it's worth doing or not depends on the objective.

If the desire is to get support for a new TLS 1.2 cipher suite into
browsers or open source TLS stacks, well... good luck with that. If the
desire is to get something working for their own internal use,
standardization is not really necessary, though I would certainly advise
doing whatever is required to get a code point from IANA.

If the desire is somewhere in the middle, such as internal use plus interop
with other organizations within an industry or consortium, then publication
of an informational RFC might make sense. I'm skeptical, however, that they
will get a lot of attention from folks on this list as there seems to be
little interest in spending time on a legacy protocol; and pursuing
something standards track will probably go nowhere.

Kyle