Re: [TLS] [Technical Errata Reported] RFC5246 (5409)

Sean Turner <sean@sn3rd.com> Tue, 26 June 2018 13:21 UTC

Return-Path: <sean@sn3rd.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ABC4A13102A for <tls@ietfa.amsl.com>; Tue, 26 Jun 2018 06:21:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ndAhL5vMv_Kz for <tls@ietfa.amsl.com>; Tue, 26 Jun 2018 06:21:16 -0700 (PDT)
Received: from mail-qk0-x236.google.com (mail-qk0-x236.google.com [IPv6:2607:f8b0:400d:c09::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE70D130DDC for <tls@ietf.org>; Tue, 26 Jun 2018 06:21:15 -0700 (PDT)
Received: by mail-qk0-x236.google.com with SMTP id u62-v6so6914018qkf.9 for <tls@ietf.org>; Tue, 26 Jun 2018 06:21:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=7pOKbzDKedWawjUz8PoxA4xfxWZTl3OUumCLInIN4/U=; b=MfGVhrJAzlbQFQyLPMoG/z19Huq1JrBfZKn7U6PrLOK7e1ef3GSb6Ju7+OrWMfcSue 0LzTtBJWM/RNbqXOKcDyekXTdgs1EF1MEjCb2kajeyLds5VD/T2dM10jiOArRGOKg9Yo vYvQHy0RhM/+8uNylF2320u28M9H5XXWfpruo=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=7pOKbzDKedWawjUz8PoxA4xfxWZTl3OUumCLInIN4/U=; b=fUNOM0d2boGisSfUEh5aR1UqeT9w5EZrlxnJBpgtWCEd1Wa++utZmLgQoFimtFawHH x6ae18xddgK4o8d4lbSgO1DmcVjqX9GVawS2Yh9mDXqrv3gjSyqrSevd0guqhu7xoT6j WEV8Dt9Bw1bHhypIQ1fndGACEt2k3zyrD95CRGmHkfdi/CMyxsysz/Ts1bFc64Ij5Vmi SgTgqXMUXserdc+4NkGw3QAzBNORG7kk6+ke6PHJbg/vydwNUu6hQh7rJtDBDXTFrkNc Zv0RyRccRLFF/YMO2XBSJohBa416GmGa/xX6oYINrNKtI9FF1r3NOmL/D49fJsyInI6g 4nTQ==
X-Gm-Message-State: APt69E3EIAzQIvar+5rpf4spzu5nWdP9QalWA2kvvyHz3Y9otOybIx1G f3110UqZCsFoDq6vZ2q4tFEo2Q==
X-Google-Smtp-Source: AAOMgpfh85r7zXoVE+lj+yLENw5hed4mFwrfdlch5FJhCCSA9AHmGFAucAn/CFL5l7r3FQV+hqql1w==
X-Received: by 2002:a37:4946:: with SMTP id w67-v6mr1292745qka.394.1530019275010; Tue, 26 Jun 2018 06:21:15 -0700 (PDT)
Received: from [172.16.0.18] ([96.231.225.148]) by smtp.gmail.com with ESMTPSA id o10-v6sm1236362qkl.94.2018.06.26.06.21.13 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 26 Jun 2018 06:21:14 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 11.4 \(3445.8.2\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <20180626122858.D3574B80C41@rfc-editor.org>
Date: Tue, 26 Jun 2018 09:21:12 -0400
Cc: Tim Dierks <tim@dierks.org>, Eric Rescorla <ekr@rtfm.com>, Joe Salowey <joe@salowey.net>, eugene.adell@gmail.com, TLS WG <tls@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <45C8098C-A6D3-4E7B-BC3C-858C069D8B1D@sn3rd.com>
References: <20180626122858.D3574B80C41@rfc-editor.org>
To: Benjamin Kaduk <kaduk@mit.edu>
X-Mailer: Apple Mail (2.3445.8.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/pcrNoubbZ9oV_maUH6T4_p8AEYs>
Subject: Re: [TLS] [Technical Errata Reported] RFC5246 (5409)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jun 2018 13:21:23 -0000

First, I think this is editorial.  After all these years, I’m not really sure it’s an interop problem.

Second, if I were making this I would have placed the errata against RFC2712 where the values were assigned.  It’s not really TLS1.2’s place to clear this up.

spt

> On Jun 26, 2018, at 08:28, RFC Errata System <rfc-editor@rfc-editor.org>; wrote:
> 
> The following errata report has been submitted for RFC5246,
> "The Transport Layer Security (TLS) Protocol Version 1.2".
> 
> --------------------------------------
> You may review the report below and at:
> http://www.rfc-editor.org/errata/eid5409
> 
> --------------------------------------
> Type: Technical
> Reported by: Eugene Adell <eugene.adell@gmail.com>;
> 
> Section: Appendix A.5
> 
> Original Text
> -------------
>   Note: The cipher suite values { 0x00, 0x1C } and { 0x00, 0x1D } are
>   reserved to avoid collision with Fortezza-based cipher suites in
>   SSL 3.
> 
> Corrected Text
> --------------
>   Note: The cipher suite values { 0x00, 0x1C } and { 0x00, 0x1D } are
>   reserved to avoid collision with Fortezza-based cipher suites in
>   SSL 3. The cipher suite value { 0x00, 0x1E } firstly also assigned to
>   Fortezza has been released and has since been be reassigned. 
> 
> Notes
> -----
> RFC 2712 (Addition of Kerberos Cipher Suites to Transport Layer Security) in its Draft 01 version introduces three new cipher suites colliding with the three Fortezza ones. The Draft 02 version partially corrects that, by moving the Kerberos cipher suites values by two.
> This omission of the third cipher suite has never been corrected, and this remains in the same state in the final RFC 2712, RFC 2246 and its successors including this one.
> 
> Changing the first Kerberos cipher suite value, or moving all of them, would now not make any sense. Enhancing the note as suggested is probably enough to mention how one Fortezza cipher suite disappeared.
> 
> Instructions:
> -------------
> This erratum is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party  
> can log in to change the status and edit the report, if necessary. 
> 
> --------------------------------------
> RFC5246 (draft-ietf-tls-rfc4346-bis-10)
> --------------------------------------
> Title               : The Transport Layer Security (TLS) Protocol Version 1.2
> Publication Date    : August 2008
> Author(s)           : T. Dierks, E. Rescorla
> Category            : PROPOSED STANDARD
> Source              : Transport Layer Security
> Area                : Security
> Stream              : IETF
> Verifying Party     : IESG