Re: [TLS] call for consensus: changes to IANA registry rules for cipher suites

Yoav Nir <ynir.ietf@gmail.com> Wed, 30 March 2016 16:33 UTC

Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <8737r8ymrd.fsf@alice.fifthhorseman.net>
Date: Wed, 30 Mar 2016 19:32:54 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <12F5A3D4-D99A-4D5B-B589-27CD8EBC98CF@gmail.com>
References: <20DDE657-E1A9-4705-936D-40673294C4EB@sn3rd.com> <56FBF1B5.8030906@akamai.com> <8737r8ymrd.fsf@alice.fifthhorseman.net>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/mh59N61nODBrvs3hsXepUjhC-IA>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] call for consensus: changes to IANA registry rules for cipher suites
Precedence: list

> On 30 Mar 2016, at 7:05 PM, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
> 
> On Wed 2016-03-30 11:33:09 -0400, Benjamin Kaduk wrote:
>> I am not sure that we want to be in the business of explicitly marking
>> things as insecure other than our own RFCs, though -- there could be an
>> implication of more review than is actually the case, which is what this
>> proposal is trying to get rid of.
> 
> I think i agree with Ben here: if we have a tri-state:
> approved/not-approved/known-bad, then the people will infer that the
> not-approved ciphersuites are better than the known-bad ones, which
> isn't necessarily the case.
> 
> I think i'd rather see it stay at "approved/not-approved”

+1

Nothing will ever be marked as known-bad unless it’s in widespread use. Nobody’s ever going to write a die-die-die document for some homebrew cipher or even for a national cipher unless something really spectacular happens. I’d rather not have them marked as “neutral”, which implies they are better than RC4’s “known-bad”. 

Besides, what about 3DES? For limited amounts of data it works perfectly fine if you follow all the CBC caveats, but with high-speed high-volume connections, you’ll have to rekey often. And there are faster, better alternatives. Do we mark it as “known-bad”? It’s certainly not broken the way RC4 is. I’d rather we not go there.

Yoav

[TLS] call for consensus: changes to IANA registr… Sean Turner
Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
Re: [TLS] call for consensus: changes to IANA reg… Yoav Nir
Re: [TLS] call for consensus: changes to IANA reg… Daniel Kahn Gillmor
Re: [TLS] call for consensus: changes to IANA reg… Dmitry Belyavsky
Re: [TLS] call for consensus: changes to IANA reg… Henrick Hellström
Re: [TLS] call for consensus: changes to IANA reg… Benjamin Kaduk
Re: [TLS] call for consensus: changes to IANA reg… Eric Rescorla
Re: [TLS] call for consensus: changes to IANA reg… Henrick Hellström
Re: [TLS] call for consensus: changes to IANA reg… Daniel Kahn Gillmor
Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
Re: [TLS] call for consensus: changes to IANA reg… Yoav Nir
Re: [TLS] call for consensus: changes to IANA reg… Sean Turner
Re: [TLS] call for consensus: changes to IANA reg… Sean Turner
Re: [TLS] call for consensus: changes to IANA reg… Ilari Liusvaara
Re: [TLS] call for consensus: changes to IANA reg… Daniel Kahn Gillmor
Re: [TLS] call for consensus: changes to IANA reg… Yoav Nir
Re: [TLS] call for consensus: changes to IANA reg… Dave Garrett
Re: [TLS] call for consensus: changes to IANA reg… Benjamin Kaduk
Re: [TLS] call for consensus: changes to IANA reg… Bill Frantz
Re: [TLS] call for consensus: changes to IANA reg… Rick van Rein
Re: [TLS] call for consensus: changes to IANA reg… Stephen Farrell
Re: [TLS] call for consensus: changes to IANA reg… Eric Rescorla
Re: [TLS] call for consensus: changes to IANA reg… Stephen Farrell
Re: [TLS] call for consensus: changes to IANA reg… Martin Thomson
Re: [TLS] call for consensus: changes to IANA reg… Rick van Rein
Re: [TLS] call for consensus: changes to IANA reg… Hannes Tschofenig
Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
Re: [TLS] call for consensus: changes to IANA reg… Dang, Quynh (Fed)
Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
Re: [TLS] call for consensus: changes to IANA reg… Benjamin Kaduk
Re: [TLS] call for consensus: changes to IANA reg… Hannes Tschofenig
Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
Re: [TLS] call for consensus: changes to IANA reg… Benjamin Kaduk
Re: [TLS] call for consensus: changes to IANA reg… Hannes Tschofenig
Re: [TLS] call for consensus: changes to IANA reg… Benjamin Kaduk
Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
Re: [TLS] call for consensus: changes to IANA reg… Eric Rescorla
Re: [TLS] call for consensus: changes to IANA reg… Hannes Tschofenig
Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
Re: [TLS] call for consensus: changes to IANA reg… Hannes Tschofenig
Re: [TLS] call for consensus: changes to IANA reg… Eric Rescorla
Re: [TLS] call for consensus: changes to IANA reg… Stephen Farrell
Re: [TLS] call for consensus: changes to IANA reg… Rick van Rein
Re: [TLS] call for consensus: changes to IANA reg… Andrei Popov
Re: [TLS] call for consensus: changes to IANA reg… Dan Harkins
Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
Re: [TLS] call for consensus: changes to IANA reg… Dan Harkins
Re: [TLS] call for consensus: changes to IANA reg… Dan Harkins
Re: [TLS] call for consensus: changes to IANA reg… Watson Ladd
Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
Re: [TLS] call for consensus: changes to IANA reg… Dan Harkins
Re: [TLS] call for consensus: changes to IANA reg… Peter Gutmann
Re: [TLS] call for consensus: changes to IANA reg… Watson Ladd
Re: [TLS] call for consensus: changes to IANA reg… Peter Gutmann
Re: [TLS] call for consensus: changes to IANA reg… Phil Lello
Re: [TLS] call for consensus: changes to IANA reg… Kaduk, Ben
Re: [TLS] call for consensus: changes to IANA reg… Dan Harkins
Re: [TLS] call for consensus: changes to IANA reg… Phil Lello
Re: [TLS] call for consensus: changes to IANA reg… Dan Harkins
Re: [TLS] call for consensus: changes to IANA reg… Adam Langley
Re: [TLS] call for consensus: changes to IANA reg… Peter Gutmann
Re: [TLS] call for consensus: changes to IANA reg… Adam Langley
Re: [TLS] call for consensus: changes to IANA reg… Dan Harkins
Re: [TLS] call for consensus: changes to IANA reg… Aaron Zauner
Re: [TLS] call for consensus: changes to IANA reg… Sean Turner
Re: [TLS] call for consensus: changes to IANA reg… Dang, Quynh (Fed)
Re: [TLS] call for consensus: changes to IANA reg… Sean Turner