Re: [TLS] IANA Recommendations for Obsolete Key Exchange

Rob Sayre <sayrer@gmail.com> Mon, 15 April 2024 17:42 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/c7qqYRWCwaMT23j1AYIX9hfuTaE>

I don't really feel strongly about this issue, but the document left me
feeling a little lost concerning ECDH.

I think documents should always explain the concerns around an RFC 2119
"SHOULD" or "SHOULD NOT". It's fine if "there may exist valid reasons in
particular circumstances when the particular behavior is acceptable or even
useful", but what are they?

thanks,
Rob


On Mon, Apr 15, 2024 at 10:30 AM Joseph Salowey <joe@salowey.net> wrote:

> At IETF 119 we had discussion on how to mark the ciphersuites deprecated
> by draft-ietf-tls-deprecate-obsolete-kex in the IANA Registry. At the
> meeting there was support for ('D' means discouraged):
>
> RSA ciphersuites should be marked with a "D"
> FFDH ciphersuites should be marked with a "D"
> FFDHE ciphersuites should be marked with a "D"
> ECDH ciphersuites should be marked with a "D"
>
> This aligns with the deprecation intent of the draft. The draft states
> ECDH are a SHOULD NOT instead of a MUST NOT, but the sentiment was they
> should be generally discouraged.
>
> Please respond with any comments on this proposal by April 30, 2024.
>
> Thanks,
>
> Sean, Deirdre and Joe