[TLS] Re: [Last-Call] Re: Last Call: <draft-ietf-tls-rfc8447bis-11.txt> (IANA Registry Updates for TLS and DTLS) to Proposed Standard
Eric Rescorla <ekr@rtfm.com> Tue, 18 March 2025 08:32 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id A5D78DA5F93 for <tls@mail2.ietf.org>; Tue, 18 Mar 2025 01:32:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20230601.gappssmtp.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cKvr7QxRKSd2 for <tls@mail2.ietf.org>; Tue, 18 Mar 2025 01:32:05 -0700 (PDT)
Received: from mail-yw1-x1133.google.com (mail-yw1-x1133.google.com [IPv6:2607:f8b0:4864:20::1133]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 1217DDA5F71 for <tls@ietf.org>; Tue, 18 Mar 2025 01:32:05 -0700 (PDT)
Received: by mail-yw1-x1133.google.com with SMTP id 00721157ae682-6f47ed1f40dso41954567b3.1 for <tls@ietf.org>; Tue, 18 Mar 2025 01:32:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20230601.gappssmtp.com; s=20230601; t=1742286724; x=1742891524; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=kmqUswLyUdIi+y7t4/6eFowC5Z662Hz9XGfTDYpzwrA=; b=rnONxSW2RUEZV5dNEDGpr+f8LfFrDhcaUqCwERzuRC65yadbD9LQFvzv30F2vEuQ6L mu0bw+Xhe/6MMQY67i3zthBx56NLTmmOE7RLTPB+hzmXEM4MN+27YiNTyK+RTwOWcLXp EPKVirLKB1PzysRZ0j16ZjJs3PkpFurlJ1blNIeyABN2erVcITpoUiEsVUmJ4yj9rOLr vGLRWoUAZVOIGLyau/65roN1fIfWhGFHB/sBV59E74N8lPC8EbpaiXBy0LmMo1aPiJdu tBeegu45oAGh1bgjLddUNuceZyYlPMJ1w8qSjln1XETxjY0n8R9figRrbBZDMCfPOnBR 42HQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1742286724; x=1742891524; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=kmqUswLyUdIi+y7t4/6eFowC5Z662Hz9XGfTDYpzwrA=; b=fFkFuldtJzai34wSwD/xjMy6nDbT7qBwvbfaWgPKDAT0UuU0WXRD8TGBrvfqpqCDOM h1w7hsv3nwyJh0miyLNVPZPVXavM5536L/hB/BTqsyG3kb4wcN+Uqo4Jqn/FfSCr9V8e DtW/GJJlgzeHDTvB5w1SNQ+SyzmoAG3itISsgY/1oVzygVax4amcvVxtS18y6jeUatep a3CGB9QIK/xBPBrmV8Z7jhLbGx7DbFvnkgv1T3Awlfk7esFRJe+m4tpfgIy5D0/rTqgT ZJG5yky+4p66qoqSfzXA+Fji4Z/kB4i/U4mfClzbkC3jFMBvNGOYV4MMEW97Ax2wqwsD /jwg==
X-Forwarded-Encrypted: i=1; AJvYcCUSrAccntVC7pYtpUHkVhx57A4aEzEjcIeExQaTsmeD9hFb64PMl3BmGN1Ur2Rv9xFxfaI=@ietf.org
X-Gm-Message-State: AOJu0YwtO3xBq+usqdp0fCB9l9NyvXEaRUlJ33s2cTkdfWpw9KQxATLt zItEkDgLo7yEyozG0zy1eBSnWigwPU3APD8KrfC4CcPGv4T8oe/+125/rW7uQUWNYTrCn3j+0a2 TaVEWsVz8OwZsk095frLgE8aL43go5L4ROUbzUQ==
X-Gm-Gg: ASbGncuT5WDlSgwm+tZpGBGuwG5QCKRAsmC40eVEiz7Wv2oX9WAL7Q0NnBJ1fhKKGPU jGdTX9UMmTqlwHG8NkraJbvDyLeTkcEeHtQS2K/J5j5zATozZI5o9EMODsLH0KoytIkW4lram7y JkoKK2kAImSzfvp3uXboRTZKVMM/6/
X-Google-Smtp-Source: AGHT+IEXBns6TzvyVJYYbrhq1bUrs/koy4TlxrAGZRhfMNuodiwuMeLDeoCMhD8E8fuiR9iZdUXkLAAWbUgroK7wM68=
X-Received: by 2002:a05:690c:296:b0:6fe:b7ed:9715 with SMTP id 00721157ae682-6ffd7466beamr42924197b3.11.1742286724610; Tue, 18 Mar 2025 01:32:04 -0700 (PDT)
MIME-Version: 1.0
References: <174184001345.838119.1665635750501653391@dt-datatracker-775fc5cbb8-824tp> <6BB43AEB-CF42-4FE2-998A-DB85B373D464@proper.com> <CAOgPGoBg33o7N95PSue3KMwaOz=DcaP7tnNenX=WYQ_jitAyYw@mail.gmail.com> <492866DC-4B28-441A-87D9-54E27A7B02E1@proper.com>
In-Reply-To: <492866DC-4B28-441A-87D9-54E27A7B02E1@proper.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 18 Mar 2025 01:31:28 -0700
X-Gm-Features: AQ5f1Jogex71s4qVfnjgVeJn0ApgSQTAw1VGO5RXGvMdsLPR2SMhewTUEVJXz1I
Message-ID: <CABcZeBP+5fLPZJn8oD2tFCbfNvhdaQJxYtNOaaVZZdoVMogkSA@mail.gmail.com>
To: Paul Hoffman <phoffman@proper.com>
Content-Type: multipart/alternative; boundary="00000000000051616f063099bdc4"
Message-ID-Hash: GIILSFGUPV462H6UKGWRGRFK6BSJP23Y
X-Message-ID-Hash: GIILSFGUPV462H6UKGWRGRFK6BSJP23Y
X-MailFrom: ekr@rtfm.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: last-call@ietf.org, draft-ietf-tls-rfc8447bis@ietf.org, paul.wouters@aiven.io, tls-chairs@ietf.org, tls@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: [Last-Call] Re: Last Call: <draft-ietf-tls-rfc8447bis-11.txt> (IANA Registry Updates for TLS and DTLS) to Proposed Standard
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/aWp7bGwC-7yz_b_Gqks9crai45s>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
On Mon, Mar 17, 2025 at 9:41 PM Paul Hoffman <phoffman@proper.com> wrote: > > > On 17 Mar 2025, at 17:40, Joseph Salowey wrote: > > > The draft already contains the following guidance to address this point > on > > how to treat items marked as "D": > > > > "D: Indicates that the item is discouraged. This marking could be used to > > identify mechanisms that might result in problems if they are used, such > as > > a weak cryptographic algorithm or a mechanism that might cause > > interoperability problems in deployment. Implementers SHOULD consult the > > linked references associated with the item to determine the conditions > > under which it SHOULD NOT or MUST NOT be used." > > > > The behavior of TLS when it cannot arrive on an acceptable set of > > parameters is defined in the TLS protocol specification. > > This does not address my comments: > > > On Fri, Mar 14, 2025 at 1:59 AM Paul Hoffman <phoffman@proper.com> > wrote: > > > >> Greetings again. The contents of this draft are fine but definitely > >> incomplete. The draft gives clear language about whether particular > >> cryptographic components are recommended for use in TLS, but no guidance > >> for implementations of what those implementations should do if given a > >> discouraged code point. > >> > >> If a TLS server negotiates to a cryptographic component labelled "D". > what > >> SHOULD / MUST the client do? > >> > >> If a TLS client only offers D-level components, what SHOULD / MUST the > >> server do? > >> > >> A program's configuration mechanism SHOULD NOT / MUST NOT allow > specifying > >> D-level components? > >> > >> This draft should either be expanded to say what TLS clients and servers > >> and configuration SHOULD / MUST do with D-level components. If it is too > >> difficult for the TLS WG to agree on specific actions, the draft should > at > >> least say that so that the reader knows what to do with these new > ratings. > >> Without such wording, the new "D" label becomes useless in practice, > which > >> is clearly bad for security and interoperability. > > The wording: > > Implementers SHOULD consult the > > linked references associated with the item to determine the conditions > > under which it SHOULD NOT or MUST NOT be used. > ...doesn't help software developers in many cases. Let's look at the first > value in Section 4, truncated_hmac. The "linked reference" is Section 7 of > RFC 6066. From the wording there, using truncated_hmac is just fine, even > though draft-ietf-tls-rfc8447bis gives it a "D". > > So, again: This draft should either be expanded to say what TLS clients > and servers and configuration SHOULD / MUST do with D-level components, or > tell readers why it is not. Telling developers "go look at every doc that > is liked from a D-level spec" is likely to cause them to not do so, and the > result will be insecure implementations and lack of interoperability. > The Recommended column is saying something different (you will notice it also does not capture MUST vs SHOULD for Y). I do agree that the documents which *set* the column should provide some normative language. -Ekr
- [TLS] Last Call: <draft-ietf-tls-rfc8447bis-11.tx… The IESG
- [TLS] Re: Last Call: <draft-ietf-tls-rfc8447bis-1… Paul Hoffman
- [TLS] Re: Last Call: <draft-ietf-tls-rfc8447bis-1… Joseph Salowey
- [TLS] Re: Last Call: <draft-ietf-tls-rfc8447bis-1… Paul Hoffman
- [TLS] Re: [Last-Call] Re: Last Call: <draft-ietf-… Salz, Rich
- [TLS] Re: [Last-Call] Last Call: <draft-ietf-tls-… Paul Hoffman
- [TLS] Re: [Last-Call] Re: Last Call: <draft-ietf-… Eric Rescorla