IETF Logo Mail Archive

Re: [TLS] PR#345: IANA Considerations

Eric Rescorla <ekr@rtfm.com> Tue, 17 November 2015 19:15 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D1401B3398 for <tls@ietfa.amsl.com>; Tue, 17 Nov 2015 11:15:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N5XUbIYnGG5h for <tls@ietfa.amsl.com>; Tue, 17 Nov 2015 11:15:13 -0800 (PST)
Received: from mail-yk0-x229.google.com (mail-yk0-x229.google.com [IPv6:2607:f8b0:4002:c07::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CFBC61B3386 for <tls@ietf.org>; Tue, 17 Nov 2015 11:15:12 -0800 (PST)
Received: by ykfs79 with SMTP id s79so23728969ykf.1 for <tls@ietf.org>; Tue, 17 Nov 2015 11:15:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm_com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=Im0YZJNpFg3e0slj6ldFMWOZota5611VrmGm46gNlhE=; b=QLVhsTzu4IIIMo/YSwm4bDUVPBg0kCo2p7YRJmgyEtbUadXxR2MondcC0ksTQh5wNL rHJJ2HiT1vT/DUyjBWfn082MPN4rPHBVg8GtO8ScE2xAuInQa7F/0NU4dAx0Xviw/yzs 3B1SzNjptveogRrX/nhh8kgCqGcv2XmRrFITI4c0M4n+Aibnp0gKChU2YnDEbRbh2xXy DttPxvf32lRXijqFGPH2GuLpwn3Dh9fyopvddbun8jVed8ODU6b7Ft55QCd6T1iYs7h1 uAM/kgWDjDr2J8kw2LBcy9VGn6s1lsZR4KA4z1soCX9dwlN4kH1qf3vaL9GcF215NFla bW/A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-type; bh=Im0YZJNpFg3e0slj6ldFMWOZota5611VrmGm46gNlhE=; b=kOobZiYoPq05u2grayrXw53POKE39XmNV2whTfpB35m5E5z/JVQvQPCLV+moBKuNkL 0He++mCjbUJqZVSAYIr001adcwcLGHe8MHzLoKHUDUr+vIIv4DgENZJjPljpOTGRHP+b bF8pTqhqQ94VfCNP9bKw5c39Xh04cDczX43NA86p9VNmILMbAI7lMFc7+gUgVWZJJfTN FCz2amaOP5DyUO5iVWsVe/AX0bgHQbLy4KbnzvnLEpRdZgtUj0Hqfj5tAt1N9vRrBpNa wYDHMnW/jiOTljNzwOs5sX0LOTTAnYY2leS3cdwSuPUR4jilNm4F+ir6cGgRenEqErVu i6KQ==
X-Gm-Message-State: ALoCoQmSuUrXlXnQ7zHJUMQPky8a8jOvT0MqZWLtmZyqrSsb7xxu9lgAK/yrdnwFdX/kvU2waoz2
X-Received: by 10.129.73.145 with SMTP id w139mr32485232ywa.223.1447787712162; Tue, 17 Nov 2015 11:15:12 -0800 (PST)
MIME-Version: 1.0
Received: by 10.13.221.203 with HTTP; Tue, 17 Nov 2015 11:14:32 -0800 (PST)
In-Reply-To: <20151117190651.GJ18315@mournblade.imrryr.org>
References: <CABcZeBNMkJSQAm0gFZdecG8Nf+df+heP2V_u9pXGJmb7jV4BcQ@mail.gmail.com> <CABcZeBOD71keb_yE4EumgkOxXfOCnsniLrhDa3tHzsioE2E2bw@mail.gmail.com> <EAA07156-6F05-488B-A3E5-175100989449@sn3rd.com> <CABcZeBMn4BcpYLgoqFb=PuW92jnfhEK8cw7nStZEyh9RDdN6XQ@mail.gmail.com> <A61BBA75-2594-4DF7-8EF6-887B2F001DA1@sn3rd.com> <7276DA5B-0563-4D70-A611-96A2E80CAECB@tableau.com> <CABcZeBMN3mL3KYjMEjBqeZ+33it5Oi4BvO8zdz-2aXcs479bTQ@mail.gmail.com> <20151117190651.GJ18315@mournblade.imrryr.org>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 17 Nov 2015 11:14:32 -0800
Message-ID: <CABcZeBPHc0sS83=-u9ahT-JkXdMFTryiGZzwqRRa4anFbWPTGg@mail.gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="001a114d73624b7a160524c158b8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/gyBxe2tddC3P_bC3BeMdORvXAeU>
Subject: Re: [TLS] PR#345: IANA Considerations
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Nov 2015 19:15:14 -0000

On Tue, Nov 17, 2015 at 11:06 AM, Viktor Dukhovni <ietf-dane@dukhovni.org>
wrote:

> On Tue, Nov 17, 2015 at 09:51:32AM -0800, Eric Rescorla wrote:
>
> > My proposal is that we:
> >
> > - List all the Standards Track cipher suites that are compatible with TLS
> > 1.3 in Appendix A.
> >
> > - Mark all the cipher suites that are listed in Appendix A as
> "Recommended"
>
> Where does that leave ciphersuites that are "Recommended" for TLS
> 1.2, but TLS 1.3?  Or do none of the CBC block ciphers in TLS 1.2 qualify?
>

Yes. The proposed intention was that for the same reasons we moved to
AEAD for 1.3, we would only Recommend AEAD for TLS 1.2. Note that
this is consistent with the guidance in both RFC 7525 (which recommends
AEAD) http://tools.ietf.org/html/rfc7525#section-4.2 and RFC 7540
which blacklists the non-AEAD cipher suites
(http://tools.ietf.org/html/rfc7540#appendix-A)

-Ekr

v2.23.0 | Report a Bug | By Email