IETF Logo Mail Archive

Re: [TLS] call for consensus: changes to IANA registry rules for cipher suites

Phil Lello <phil@dunlop-lello.uk> Mon, 04 April 2016 15:50 UTC

Return-Path: <phil@dunlop-lello.uk>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96F1D12D591 for <tls@ietfa.amsl.com>; Mon, 4 Apr 2016 08:50:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=dunlop-lello-uk.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JMXPqt8tIg91 for <tls@ietfa.amsl.com>; Mon, 4 Apr 2016 08:50:43 -0700 (PDT)
Received: from mail-lb0-x233.google.com (mail-lb0-x233.google.com [IPv6:2a00:1450:4010:c04::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 11E5612D5F5 for <tls@ietf.org>; Mon, 4 Apr 2016 08:50:43 -0700 (PDT)
Received: by mail-lb0-x233.google.com with SMTP id u8so167167437lbk.0 for <tls@ietf.org>; Mon, 04 Apr 2016 08:50:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dunlop-lello-uk.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=E2djDmv4CMXYzYpBWqf9guhWxM+vULzg6aZ/WvDadSA=; b=NPdDDVNrWn6s1dg5O3PQKsesyQihSaNPXvzXEN3C5b7yvTnhW9U9cUGUQ/suXDBcc0 z4OuReHZNjInf/rjeFK2LkFRDBeUXEULkALOzMSWfBZfhGn0UDNvRURt3pTGUqzz+jBj JV4Z4qfC8Fn7nXbErk1reEDqCzomqJbK9B7RhidJlpix6R9fyFu2sESwQHWwJlzDcqzu ctFx/UXkcLGlrWg4cnrQwXMc/VzvPlvk1hV+5PhnGHssrZVaHDHcIR1CM1v7BPsTPTI+ 3tgqgsaxLJMLUohzjVwkav5BoHBDiX3j39AHxrSppRS46lHWddypzP/IixVsEAyUZe+l D1qQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=E2djDmv4CMXYzYpBWqf9guhWxM+vULzg6aZ/WvDadSA=; b=OS+FaLDnQp6tmXIwSRbVWZeimCkZSm+5aH3n9c+hXot/wGutgnLpsjAStj42CoPSO2 Ncc8prgx88Bi1aGdkgtJm3sSmaMrbrMU39al1ipP4UUzL4q1sFJCq+F4bxFRygFUao2Y 14suu/jl0tm5YQUVBjkvijwugfLG62f7bcDo/9osrIajneCLv1YfTB3SwnbHXOkPQfMF FWQCzUeKqGTlO6DadKWvZbmR6He1PQiUjTaeGsZ8vx+ekq8NKLNLUz4Jy2AqgBI/NKzu NFNuVNwYtBGh+JvHYWjvXdbRdSVAnf6TYpTWecC4/9/QwKKlCjOrUfbvY3CXm4Nku7E0 LnEA==
X-Gm-Message-State: AD7BkJKBq41GCnQ6EL8qvmQEBOjdZbjMn5EXkELxt0YfujPFGvUjLtLlePKTe3EYNLnSuUcT43+a4s+2fkG+fGZN
MIME-Version: 1.0
X-Received: by 10.112.235.71 with SMTP id uk7mr4025313lbc.39.1459785041255; Mon, 04 Apr 2016 08:50:41 -0700 (PDT)
Received: by 10.25.40.85 with HTTP; Mon, 4 Apr 2016 08:50:40 -0700 (PDT)
In-Reply-To: <fa7284ff7f22aa724fbdc7122707c0e3.squirrel@www.trepanning.net>
References: <20DDE657-E1A9-4705-936D-40673294C4EB@sn3rd.com> <56FD2A0A.1050607@gmx.net> <56FD4A42.2080100@akamai.com> <56FD4E32.5060409@gmx.net> <56FD55E3.9060605@akamai.com> <56FD599D.2040206@gmx.net> <56FD5B00.3090007@akamai.com> <ca13e48abd8042c38bc2116bd5574f85@usma1ex-dag1mb1.msg.corp.akamai.com> <56FD5CFC.8090508@gmx.net> <9ed6f4205baf4602857b3c4539fc1941@usma1ex-dag1mb1.msg.corp.akamai.com> <56FD610F.10301@gmx.net> <56FD63B0.2070205@cs.tcd.ie> <1640361f86795f7c3117d9c25be91a72.squirrel@www.trepanning.net> <CACsn0cmM+YTkPKf-nbqgyq=GdG=8M7i+Jq1a-kx77C9CbWCwqg@mail.gmail.com> <fa7284ff7f22aa724fbdc7122707c0e3.squirrel@www.trepanning.net>
Date: Mon, 04 Apr 2016 16:50:40 +0100
Message-ID: <CAPofZaGYpMEiJGz=kFJwfYGPJ433JhcEhLzBky9pi+0RwceeqQ@mail.gmail.com>
From: Phil Lello <phil@dunlop-lello.uk>
To: Dan Harkins <dharkins@lounge.org>
Content-Type: multipart/alternative; boundary="001a11c3c5c2d53ea4052faab04b"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/lHlwF8fWsgFSzcif0ovXY8o_pHY>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] call for consensus: changes to IANA registry rules for cipher suites
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Apr 2016 15:50:46 -0000

On Mon, Apr 4, 2016 at 3:36 PM, Dan Harkins <dharkins@lounge.org> wrote:

>
>
> On Mon, April 4, 2016 7:17 am, Watson Ladd wrote:
>
> Usually what happens is the server generates a self-signed certificate
> and the apps are given some "username" and "password" and the app
> ignores the unauthenticated nature of the TLS connection and sends
> the u/p credential on through.


Isn't this use case more of an argument for an updated auth-digest to use
something better than MD5? I'm not convinced MITM is a real concern for a
typical IoT environment (however that's defined - I'm assuming http in a
domestic environment).

Best wishes,

Phil Lello

v2.23.0 | Report a Bug | By Email