Re: [TLS] "Notes" column in draft-ietf-tls-rfc8447bis?

John Mattsson <john.mattsson@ericsson.com> Wed, 06 December 2023 15:46 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: Sean Turner <sean@sn3rd.com>, "Salz, Rich" <rsalz@akamai.com>
CC: TLS List <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/eY5TWQL16zb1nQihkOGtHQtxYWc>

That sounds great.

Who is doing the work of adding “for TLS 1.3 and later”?

My understanding is that the currently registered TLS 1.3 cipher suites are:

Value      Description                                 DTLS 1.3  QUIC
0x13,0x01  TLS_AES_128_GCM_SHA256                      Y         Y
0x13,0x02  TLS_AES_256_GCM_SHA384                      Y         Y
0x13,0x03  TLS_CHACHA20_POLY1305_SHA256                Y         Y
0x13,0x04  TLS_AES_128_CCM_SHA256                      Y         Y
0x13,0x05  TLS_AES_128_CCM_8_SHA256                    Y         N
0x13,0x06  TLS_AEGIS_256_SHA512                        Y         Y
0x13,0x07  TLS_AEGIS_128L_SHA256                       Y         Y
0xC0,0xB0  TLS_ECCPWD_WITH_AES_128_GCM_SHA256          N         N
0xC0,0xB1  TLS_ECCPWD_WITH_AES_256_GCM_SHA384          N         N
0xC0,0xB2  TLS_ECCPWD_WITH_AES_128_CCM_SHA256          N         N
0xC0,0xB3  TLS_ECCPWD_WITH_AES_256_CCM_SHA384          N         N
0xC0,0xB4  TLS_SHA256_SHA256                           N         N
0xC0,0xB5  TLS_SHA384_SHA384                           N         N
0xC1,0x03  TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_L   N         N
0xC1,0x04  TLS_GOSTR341112_256_WITH_MAGMA_MGM_L        N         N
0xC1,0x05  TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_S   N         N
0xC1,0x06  TLS_GOSTR341112_256_WITH_MAGMA_MGM_S        N         N

(The DTLS 1.3 and QUIC information is my understanding. It is currently not in the IANA registry).

Note that “for TLS 1.3 and later” and “DTLS-OK” are not enough, as some cipher suites (the _ECCPWD_ ones) seem to be valid for TLS 1.2, TLS 1.3, DTLS 1.2 but not DTLS 1.3….

I think the notes column should contain info on DTLS 1.3 and QUIC as well.

Do we need some guidance/requirements on naming and use of TLS 1.3 cipher suites?
The _ECCPWD_ ones seem to include authentication in the TLS 1.3. The _GOSTR341112_ ones seem to include authentication and key exchange…. I did not think this was how TLS 1.3 cipher suites were supposed to be used.

Cheers,
John Preuß Mattsson

From: Sean Turner <sean@sn3rd.com>
Date: Wednesday, 6 December 2023 at 14:55
To: Salz, Rich <rsalz@akamai.com>, John Mattsson <john.mattsson@ericsson.com>
Cc: TLS List <tls@ietf.org>
Subject: Re: [TLS] "Notes" column in draft-ietf-tls-rfc8447bis?

> On Dec 6, 2023, at 08:02, Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org> wrote:
>
> Yes, I think information regarding if a cipher suite is for TLS 1.3 is very needed to have.  I already asked for that in
> https://mailarchive.ietf.org/arch/msg/tls/0gDKfXJvAemFDm7MWcS1DTDVIe8/
>
> In addition, I would also like information if the cipher suite can be used in QUIC.
>
> The 8447bis draft added a notes column to every TLS registry. The “1.2 is frozen” draft says to use it to indicate things like “for TLS 1.3 and later”. It’s a free-form text field, so we can direct IANA to put anything we want. :)

Yep we added it via:
https://github.com/tlswg/rfc8447bis/pull/48

spt