Re: [TLS] call for consensus: changes to IANA registry rules for cipher suites
Hannes Tschofenig <hannes.tschofenig@gmx.net> Thu, 31 March 2016 13:45 UTC
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D54C12D0EF for <tls@ietfa.amsl.com>; Thu, 31 Mar 2016 06:45:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.841
X-Spam-Level:
X-Spam-Status: No, score=-1.841 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_SORBS_WEB=0.77, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TiFOKxD9h_km for <tls@ietfa.amsl.com>; Thu, 31 Mar 2016 06:45:50 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 37D1612D150 for <tls@ietf.org>; Thu, 31 Mar 2016 06:45:49 -0700 (PDT)
Received: from [192.168.10.140] ([200.89.69.175]) by mail.gmx.com (mrgmx101) with ESMTPSA (Nemesis) id 0MbsV8-1aTY6R0UaM-00JKyh; Thu, 31 Mar 2016 15:45:46 +0200
To: Sean Turner <sean@sn3rd.com>, "<tls@ietf.org>" <tls@ietf.org>
References: <20DDE657-E1A9-4705-936D-40673294C4EB@sn3rd.com>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Openpgp: id=071A97A9ECBADCA8E31E678554D9CEEF4D776BC9
X-Enigmail-Draft-Status: N1110
Message-ID: <56FD2A0A.1050607@gmx.net>
Date: Thu, 31 Mar 2016 15:45:46 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <20DDE657-E1A9-4705-936D-40673294C4EB@sn3rd.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="jsPC9EieQSB3iPRegBtggPiqJo7a3TwnR"
X-Provags-ID: V03:K0:KD3jagg9TnkKB51GPzmMWNgn9EBHAQ1v5jla+raHclItyWfNfU/ inPE/d3Et3i3m23NZO2IXbJyLAuiAhhs6IvGIPE/krd/pXCzwmcvQi5oWEcqcHljgF1Dxbt 9qCZtItnWBXgndh5gLdjKlvc+78CfGgMRDdHe41tW0CEspGDrLMDDPWpa6S6k87SIqjf1Hm ZNq6/8z+1XWYDOQO6R2dg==
X-UI-Out-Filterresults: notjunk:1;V01:K0:tz90H3aEpdM=:5C/TK4SLtACSBPKR8OhhEd sh1g1GuTCb4dexWQikBd0qQ4kOHdrac7AewsMUDMiVxvHXQ8bjCjkhs96ySzZy6zPgEPkxsPG o4vtm8zpbYs9DKT+KtvpailOZ8DwuiGgXd/oC6BC4h0BVxv5qgVQyqvzeh3frJ162/veNEjjH bsfcFrkEl3E60JGr3U1NPZOZc0vLbSwln2m36jSzJl0E+vs66qqM/fwe+0UC4D4WANUjtikgD vLL277MuXSveEekiRx2PofcRq5v0jcq01T5VR96RXFbkyegNNsxJN2/aae3BXvTcX8kbK1yDr dkpuETQF0dvA9FDwikBzinafpn20dgCNaKa0z0y0jarjN6W/rha5zt3m7koA83BoHPsfm6vkB jzOhdfELqWKdl0w2YXowPtLDV3htzzmrp6tI7hUt9Pl9TPpTtijl5YmuUrAvYQd81grCla/8L g1OwCGDKiT2bUA5QQd8akNEN4XU+eaGwkDyRnYWXiK674f9xnBHXTl45r9oLFCwtR4mYis9sS G9v8RFgml+I7dYg1MMNn2UiuwNrAkYZ7sd6nwEjELlmbMDzMCJAPJHakdYzLWDHOq4ea60Vy6 oRZQqlD31Xl3Szp4JR+6Z6VMlGTjZFnKz8Qjpm9iOxrKRRziHLyLgcJkoL70pTXa35knwGLgt b0ghU31ZPzMjKH5agLP3m8H/TwSPbZXBtCvmtUUKfCWmkyzun0kLtmz7bWj7K4iNO8EN1KJ7E qgin1lPSEtsjj+GDxpZBveJcQr4ivTlLexBuFpJGjvs+u1WYAPJWak5cyDY=
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/ilwpfOr1avP_QxL0GI5GuM1rhPo>
Subject: Re: [TLS] call for consensus: changes to IANA registry rules for cipher suites
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Mar 2016 13:45:57 -0000
Hi Sean, What is the requirement for adding a spec to the list with the value IETF Recommended = "Y" (or to change an entry from "Y" to "N")? You mention two conditions: * IETF has consensus * Are reasonably expected to be supported by widely used implementations such as open-source libraries Of course, with all our work we expect them to be supported by widely used implementations. The future is unpredicable and therefore not a good item for making a judgement. I realy find document authors who have less interest to get their stuff deployed. Getting IETF consensus on specifications has turned to be easier than most people expect and the IETF published RFCs that have not received a lot of review. Large amount of review is not a pre-condition for consensus. While your idea sounds good it suffers from practical issues. I am worried that the process will not be too fair and may favor a certain type of community. Ciao Hannes On 03/30/2016 03:53 AM, Sean Turner wrote: > Hi! > > In Yokohama, we discussed changing the IANA registry assignment rules for cipher suites to allow anyone with a stable, publicly available, peer reviewed reference document to request and get a code point and to add an “IETF Recommended” column to the registry. This change is motivated by the large # of requests received for code points [0], the need to alter the incorrect perception that getting a code point somehow legitimizes the suite/algorithm, and to help implementers out. We need to determine whether we have consensus on this plan, which follows: > > 1. The IANA registry rules for the TLS cipher suite registry [1] will be changed to specification required. > > 2. A new “IETF Recommended” column will be added with two values: “Y” or “N”. Y and N have the following meaning: > > Cipher suites marked with a “Y” the IETF has consensus on > and are reasonably expected to be supported by widely > used implementations such as open-source libraries. The > IETF takes no position on the cipher suites marked with an > “N”. Not IETF recommended does not necessarily (but can) > mean that the ciphers are not cryptographically sound (i.e., > are bad). Cipher suites can be recategorized from N to Y > (e.g., Curve448) and vice versa. > > 3. We will add a “Note" to the IANA registry itself (i.e., on [0]) that matches the above so that the same information is available to those who don’t read the IANA considerations section of the RFC. > > Please indicate whether or not you could support this plan. > > Thanks, > > J&S > > [0] In the last year, the chairs have received requests for: > > PSK: https://datatracker.ietf.org/doc/draft-mattsson-tls-ecdhe-psk-aead/ > AES-OCB: https://www.ietf.org/archive/id/draft-zauner-tls-aes-ocb-03.txt > Kcipher2: https://datatracker.ietf.org/doc/draft-kiyomoto-kcipher2-tls/ > dragonfly: https://datatracker.ietf.org/doc/draft-ietf-tls-pwd/ > NTRU: http://www.ietf.org/id/draft-whyte-qsh-tls12-01.txt > JPAKE: not sure they got around to publishing a draft. > > [1] https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4 > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- [TLS] call for consensus: changes to IANA registr… Sean Turner
- Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
- Re: [TLS] call for consensus: changes to IANA reg… Yoav Nir
- Re: [TLS] call for consensus: changes to IANA reg… Daniel Kahn Gillmor
- Re: [TLS] call for consensus: changes to IANA reg… Dmitry Belyavsky
- Re: [TLS] call for consensus: changes to IANA reg… Henrick Hellström
- Re: [TLS] call for consensus: changes to IANA reg… Benjamin Kaduk
- Re: [TLS] call for consensus: changes to IANA reg… Eric Rescorla
- Re: [TLS] call for consensus: changes to IANA reg… Henrick Hellström
- Re: [TLS] call for consensus: changes to IANA reg… Daniel Kahn Gillmor
- Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
- Re: [TLS] call for consensus: changes to IANA reg… Yoav Nir
- Re: [TLS] call for consensus: changes to IANA reg… Sean Turner
- Re: [TLS] call for consensus: changes to IANA reg… Sean Turner
- Re: [TLS] call for consensus: changes to IANA reg… Ilari Liusvaara
- Re: [TLS] call for consensus: changes to IANA reg… Daniel Kahn Gillmor
- Re: [TLS] call for consensus: changes to IANA reg… Yoav Nir
- Re: [TLS] call for consensus: changes to IANA reg… Dave Garrett
- Re: [TLS] call for consensus: changes to IANA reg… Benjamin Kaduk
- Re: [TLS] call for consensus: changes to IANA reg… Bill Frantz
- Re: [TLS] call for consensus: changes to IANA reg… Rick van Rein
- Re: [TLS] call for consensus: changes to IANA reg… Stephen Farrell
- Re: [TLS] call for consensus: changes to IANA reg… Eric Rescorla
- Re: [TLS] call for consensus: changes to IANA reg… Stephen Farrell
- Re: [TLS] call for consensus: changes to IANA reg… Martin Thomson
- Re: [TLS] call for consensus: changes to IANA reg… Rick van Rein
- Re: [TLS] call for consensus: changes to IANA reg… Hannes Tschofenig
- Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
- Re: [TLS] call for consensus: changes to IANA reg… Dang, Quynh (Fed)
- Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
- Re: [TLS] call for consensus: changes to IANA reg… Benjamin Kaduk
- Re: [TLS] call for consensus: changes to IANA reg… Hannes Tschofenig
- Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
- Re: [TLS] call for consensus: changes to IANA reg… Benjamin Kaduk
- Re: [TLS] call for consensus: changes to IANA reg… Hannes Tschofenig
- Re: [TLS] call for consensus: changes to IANA reg… Benjamin Kaduk
- Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
- Re: [TLS] call for consensus: changes to IANA reg… Eric Rescorla
- Re: [TLS] call for consensus: changes to IANA reg… Hannes Tschofenig
- Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
- Re: [TLS] call for consensus: changes to IANA reg… Hannes Tschofenig
- Re: [TLS] call for consensus: changes to IANA reg… Eric Rescorla
- Re: [TLS] call for consensus: changes to IANA reg… Stephen Farrell
- Re: [TLS] call for consensus: changes to IANA reg… Rick van Rein
- Re: [TLS] call for consensus: changes to IANA reg… Andrei Popov
- Re: [TLS] call for consensus: changes to IANA reg… Dan Harkins
- Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
- Re: [TLS] call for consensus: changes to IANA reg… Dan Harkins
- Re: [TLS] call for consensus: changes to IANA reg… Dan Harkins
- Re: [TLS] call for consensus: changes to IANA reg… Watson Ladd
- Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
- Re: [TLS] call for consensus: changes to IANA reg… Dan Harkins
- Re: [TLS] call for consensus: changes to IANA reg… Peter Gutmann
- Re: [TLS] call for consensus: changes to IANA reg… Watson Ladd
- Re: [TLS] call for consensus: changes to IANA reg… Peter Gutmann
- Re: [TLS] call for consensus: changes to IANA reg… Phil Lello
- Re: [TLS] call for consensus: changes to IANA reg… Kaduk, Ben
- Re: [TLS] call for consensus: changes to IANA reg… Dan Harkins
- Re: [TLS] call for consensus: changes to IANA reg… Phil Lello
- Re: [TLS] call for consensus: changes to IANA reg… Dan Harkins
- Re: [TLS] call for consensus: changes to IANA reg… Adam Langley
- Re: [TLS] call for consensus: changes to IANA reg… Peter Gutmann
- Re: [TLS] call for consensus: changes to IANA reg… Adam Langley
- Re: [TLS] call for consensus: changes to IANA reg… Dan Harkins
- Re: [TLS] call for consensus: changes to IANA reg… Aaron Zauner
- Re: [TLS] call for consensus: changes to IANA reg… Sean Turner
- Re: [TLS] call for consensus: changes to IANA reg… Dang, Quynh (Fed)
- Re: [TLS] call for consensus: changes to IANA reg… Sean Turner