Re: [TLS] Additional changes for draft-ietf-tls-iana-registry-updates
Sean Turner <sean@sn3rd.com> Thu, 22 March 2018 10:07 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/cvAxrmvI3UsNgiTKNLjGAYKKqSU>
I had a quick chat with the IANA folks about the HashAlgorithm and SignatureAlgorithm, which we are effectively closing by marking all unregistered bits as either reserved or deprecated. IANA suggested another way, which is to just close the registry. An example for the registry follows:

TLS HashAlgorithm Registry

Registration Procedure(s)
  Closed see [this-to-be-rfc]

Reference
  [RFC5246][this-to-be-rfc]

We'd make the following changes to the draft:

OLD:

  [SHALL update/has updated] the TLS HashAlgorithm Registry to list values 7-223 as "Reserved" and the TLS SignatureAlgorithm registry to list values 4-223 as "Reserved".

NEW:

  [SHALL close/has closed] the TLS HashAlgorithm Registry and the TLS SignatureAlgorithm registries for new assignments.

I personally think this is cleaner than reserving the values. But, it does mean that these registries are closed for assignments.

spt

> On Mar 16, 2018, at 14:01, Sean Turner <sean@sn3rd.com> wrote:
>
> During Adam Roach's AD review of draft-ietf-tls-tls13, he noted something about the HashAlgorithm and that made me go look at what was said in draft-ietf-tls-iana-registry-updates. Turns out that 4492bis assigned some values draft-ietf-tls-iana-registry-updates was marking as reserved. I have fixed that up in:
> https://github.com/tlswg/draft-ietf-tls-iana-registry-updates/pull/65
>
> One further point brought out in discussions with Adam was that if we're really closing the HashAlgorithm and SignatureAlgorithms registry we need to also mark 224-255 as deprecated. Currently these are marked as Reserved for Private Use. So the question is should we mark 224-255 as deprecated in these two registries?
>
> spt