Re: [TLS] Additional changes for draft-ietf-tls-iana-registry-updates

Sean Turner <sean@sn3rd.com> Thu, 22 March 2018 10:07 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/cvAxrmvI3UsNgiTKNLjGAYKKqSU>

I had a quick chat with the IANA folks about the HashAlgorithm and SignatureAlgorithm registries, which we are effectively closing by marking all unregistered bits as either reserved or deprecated. IANA suggested another way, which is to just close the registry. An example for the registry follows:

	TLS HashAlgorithm Registry

	Registration Procedure(s)

	Closed see [this-to-be-rfc]

	Reference

	[RFC5246][this-to-be-rfc]

We’d make the following changes to the draft:

OLD:
    [SHALL update/has updated] the TLS HashAlgorithm Registry to list
    values 7-223 as "Reserved" and the TLS SignatureAlgorithm registry
    to list values 4-223 as "Reserved".

NEW:
    [SHALL close/has closed] the TLS HashAlgorithm Registry and
    the TLS SignatureAlgorithm Registry for new assignments.

I personally think this is cleaner than reserving the values. But, it does mean that these registries are closed for assignments.

spt

> On Mar 16, 2018, at 14:01, Sean Turner <sean@sn3rd.com> wrote:
> 
> During Adam Roach’s AD review of draft-ietf-tls-tls13, he noted something about the HashAlgorithm and that made me go look at what was said in draft-ietf-tls-iana-registry-updates.  Turns out that 4492bis assigned some values draft-ietf-tls-iana-registry-updates was marking as reserved.  I have fixed that up in:
> https://github.com/tlswg/draft-ietf-tls-iana-registry-updates/pull/65
> 
> One further point brought out in discussions with Adam was that if we're really closing the HashAlgorithm and SignatureAlgorithm registries we need to also mark 224-255 as deprecated. Currently these are marked as Reserved for Private Use. So the question is should we mark 224-255 as deprecated in these two registries?
> 
> spt
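The registry ranges discussed in this thread, turned into a concrete check. This is an added example and not code from the draft, from IANA or from the TLS WG: it parses the extension_data of a TLS 1.2 signature_algorithms extension and classifies each HashAlgorithm and SignatureAlgorithm code point as assigned, reserved, or private use. The registered names are taken from RFC 5246 section 7.4.1.4.1 plus the values 4492bis (published as RFC 8422) assigned (HashAlgorithm 8 Intrinsic, SignatureAlgorithm 7 ed25519 and 8 ed448), and 224-255 is treated as the Reserved for Private Use range named in the quoted message. The sample extension body is constructed for the example.

```python
"""Check TLS 1.2 signature_algorithms code points against the IANA
HashAlgorithm / SignatureAlgorithm registries (added example, not from
the draft). Registered names: RFC 5246 s.7.4.1.4.1 plus the values
assigned by 4492bis (RFC 8422). Everything else below 224 is treated
as Reserved, 224-255 as Reserved for Private Use."""
import struct

# RFC 5246 assignments; 8 was assigned by 4492bis (RFC 8422).
HASH_ALGORITHMS = {0: "none", 1: "md5", 2: "sha1", 3: "sha224",
                   4: "sha256", 5: "sha384", 6: "sha512",
                   8: "Intrinsic"}
# RFC 5246 assignments; 7 and 8 were assigned by 4492bis (RFC 8422).
SIGNATURE_ALGORITHMS = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa",
                        7: "ed25519", 8: "ed448"}
PRIVATE_USE = range(224, 256)  # "Reserved for Private Use" in both registries


def classify(value, registry):
    """Return (status, name) for one code point: 'assigned',
    'private_use' (never negotiated with an unknown peer), or 'reserved'
    (unassigned; an implementation must not select it)."""
    if not 0 <= value <= 255:
        raise ValueError("code points are one byte")
    if value in registry:
        return "assigned", registry[value]
    if value in PRIVATE_USE:
        return "private_use", None
    return "reserved", None


def parse_signature_algorithms(extension_data):
    """Parse extension_data of a signature_algorithms extension:
    SignatureAndHashAlgorithm supported_signature_algorithms<2..2^16-2>,
    i.e. a uint16 length followed by (hash, signature) byte pairs."""
    if len(extension_data) < 2:
        raise ValueError("truncated length prefix")
    (length,) = struct.unpack("!H", extension_data[:2])
    body = extension_data[2:]
    if length != len(body):
        raise ValueError("length prefix does not match body")
    if length < 2 or length % 2:
        raise ValueError("vector must hold at least one 2-byte pair")
    return [(body[i], body[i + 1]) for i in range(0, length, 2)]


def audit(extension_data):
    """Classify every offered pair; returns a list of
    (hash, sig, hash_status, sig_status) tuples."""
    out = []
    for h, s in parse_signature_algorithms(extension_data):
        hs, _ = classify(h, HASH_ALGORITHMS)
        ss, _ = classify(s, SIGNATURE_ALGORITHMS)
        out.append((h, s, hs, ss))
    return out


def negotiable(extension_data):
    """Only pairs whose halves are both registered may be selected;
    reserved and private-use code points are dropped."""
    return [(h, s) for h, s, hs, ss in audit(extension_data)
            if hs == "assigned" and ss == "assigned"]


# Constructed sample: length prefix 10, then five pairs
#   04 01 sha256/rsa, 04 03 sha256/ecdsa, 08 07 Intrinsic/ed25519,
#   07 01 reserved hash 7 with rsa, e6 e6 private use on both sides.
SAMPLE = bytes.fromhex("000a" "0401" "0403" "0807" "0701" "e6e6")

if __name__ == "__main__":
    for h, s, hs, ss in audit(SAMPLE):
        print(f"hash={h:3d} ({hs:11s}) sig={s:3d} ({ss})")
    print("negotiable:", negotiable(SAMPLE))
```

The pair 08 07 is worth noting: read as a single 16-bit value it is 0x0807, the same bytes TLS 1.3 uses for the ed25519 SignatureScheme, which is why 4492bis had to take these code points out of the Reserved range rather than the draft marking them reserved.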