[TLS] Comments on draft-yang-tls-tls13-sm-suites-02
John Mattsson <john.mattsson@ericsson.com> Tue, 10 December 2019 09:24 UTC
Return-Path: <john.mattsson@ericsson.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 743FE120861 for <tls@ietfa.amsl.com>; Tue, 10 Dec 2019 01:24:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SiDp8c97SbIm for <tls@ietfa.amsl.com>; Tue, 10 Dec 2019 01:24:36 -0800 (PST)
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-he1eur02on0621.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe05::621]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C0FEF120860 for <TLS@ietf.org>; Tue, 10 Dec 2019 01:24:35 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=XkrLkeZ3PLSFjALvy0Vw+AkxmsXa7z7SrFreaSdpQ76PnsbMTuVrRKzL5FjjfRDcvr5Kr5qEHvxoJSHTfPPn+eQX5KLYNRc4mbD/JNgcgZBpGxgqXJ+TyvSeYCOuAYpXXaQZ3dMD4cdn/Ac1tpqwJafNF3jNKwGUBceNcpVd6NoFXwZblYql6aODNrYXmuzKkpPdIRXKEhbD05tXTry5YgnI8mi+jLUlU/BUU64iYYcV0VBx69t/B/10iqGw1Z8GPYlO9/SyPK8eGVi+Sph7foXjJxnRlmh2S/T4kJ4yRVv4EJ3Fj6VS1PvTAa3DqnUjP/bhIrMpMLnLCXJC4xVZow==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Vi4sPVnsp4syWGALHBYdAUwfqcX5MHcJHx3nKKLIGBY=; b=KLXOVdfkePghZXhO5fJqW7mVNx6GP5gdt3k6GJn9iNMQkmdDcXpI938+pu4w1JlPbPQf+m6lxqvm3Vwp7GVqZyuRnDIZ8KEMjgAiBk6O7rY1ttlsU67N+gtgrDTc+1KGS+zNADLiH2WjMX07sifcluYA3DXfh8zoW2n/KYTrCSOIFstlv/6cfOp7Vh6/GBuSO4qWk4h/VwqAHQq6qVMg9Ar9fFD5fAEq1YloJZg1XetoJtxJjByDTeI7H8eCFEU9JCTvLOGXKP/wIb7DQHQYrHLBmgZtCg3P3CEIoFkXl92m5RR2OqALb9KsNxx1xHWGYvMVvEi9fNRCAvcgyBg7iw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Vi4sPVnsp4syWGALHBYdAUwfqcX5MHcJHx3nKKLIGBY=; b=angyYvrRX61Ns9D4jg/9tbCXbsBMXg+qy5luIWhUmNO37cjzjKM5LKqJQYw1Yp2e5TmG8JlvYxoxD1lFBUPzfDtbLE2GYBya7r1wmjR4ldHG9Vdy6JxiqYjjKM/X9QS79qIXyD43sBLkp8d5A8MumI3pZXlgFjI3yonlFdkZPoA=
Received: from HE1PR07MB4169.eurprd07.prod.outlook.com (20.176.165.153) by HE1PR07MB3420.eurprd07.prod.outlook.com (10.170.247.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2538.6; Tue, 10 Dec 2019 09:24:32 +0000
Received: from HE1PR07MB4169.eurprd07.prod.outlook.com ([fe80::1986:9afa:b0a0:5636]) by HE1PR07MB4169.eurprd07.prod.outlook.com ([fe80::1986:9afa:b0a0:5636%7]) with mapi id 15.20.2538.012; Tue, 10 Dec 2019 09:24:32 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: "TLS@ietf.org" <TLS@ietf.org>
Thread-Topic: Comments on draft-yang-tls-tls13-sm-suites-02
Thread-Index: AQHVrzuhknAROWYegEaexuHSBN4F7g==
Date: Tue, 10 Dec 2019 09:24:32 +0000
Message-ID: <F6310F55-103D-4101-B6CC-AF99CA0021F8@ericsson.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1f.0.191110
authentication-results: spf=none (sender IP is ) smtp.mailfrom=john.mattsson@ericsson.com;
x-originating-ip: [82.214.46.143]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 25a39904-72b3-45f6-678b-08d77d52c424
x-ms-traffictypediagnostic: HE1PR07MB3420:
x-microsoft-antispam-prvs: <HE1PR07MB3420C14A69D2BB2E9CCD7A21895B0@HE1PR07MB3420.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8273;
x-forefront-prvs: 02475B2A01
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(346002)(376002)(366004)(39860400002)(396003)(136003)(189003)(199004)(81156014)(71190400001)(5660300002)(76116006)(64756008)(66556008)(8936002)(66946007)(66446008)(66476007)(8676002)(6916009)(316002)(305945005)(81166006)(5640700003)(36756003)(2906002)(6486002)(91956017)(2616005)(6512007)(966005)(71200400001)(478600001)(6506007)(33656002)(86362001)(44832011)(186003)(26005); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB3420; H:HE1PR07MB4169.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: JWi7mthIgB28UWV/esxGH4qNB2Nc8gKLK4nVKRxGXKSbBcz8AY7JMLopJlIny402nwwW9cGF1dXcVDZKeDzNoNHkKyIv4E3/XSU9ijbuKEQx0dpmEN5cK54dctBEeCusZfcClE9tAHP7td4+bc2Ik0rSncDrFFFU68FFGMS70qbFyMP48ZjkyhaXjklkEJVPePn9VYf8GGGfo9caxOTeZY8GspC15Xl02kSprpKOC4TMiF7EUp7ZsIiZz7DgoYknBwVM3lmeiwW5BzvxMOA63bTB4zVcdb7DC2mvSSuS4Bl1Dt2wD7Y5fmWVI30w7VAp1oqDw0c8KLEMFjl4fVRKDP3Qye7rzRcf+OkfUMuLPXsQBXQt+aIKSFPZeivgIqvyxPNSUbTKKRVV2uvGN8bXN9jEhEUc4dpd0NOX2RpRULgkdjrMRKZGdMI0Azc/qLO+/vCeDfUVAcc3IXkLv4ryixbz29E8KwB08JnBheqsbWs=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <3553EB5EB72AB04E9C033E07E827C085@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 25a39904-72b3-45f6-678b-08d77d52c424
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Dec 2019 09:24:32.6005 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 6fTh5RXSz55ZQm79mZpk+3idFFf8PrnuIRxm2arvPCtHWEMpZh3e4XXi7Vlz7j3h5HZS2S0gOJO9ot8AXnvdNzbPM9J6VKiJuMWesKwORDc=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3420
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/sTrTaLyfsQQGBVOOzdLUwqyZ6Pk>
Subject: [TLS] Comments on draft-yang-tls-tls13-sm-suites-02
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Dec 2019 09:24:41 -0000
Hi, -- The document says in the abstract and introduction that: “The SM cipher suites are becoming mandatory in China”. To my understating the new Chinese cryptography/encryption law effective on January 1, 2020 goes in the opposite direction by removing regulatory and legal problems with using commercial encryption and explicitly allowing foreign commercial encryption products to be used. This is all very positive. See a collection of references below. I would therefore suggest deleting the sentence “The SM cipher suites are becoming mandatory in China”, alternatively specify where such use is mandatory (preferably with a reference). http://www.npc.gov.cn/npc/c30834/201910/6f7be7dd5ae5459a8de8baf36296bc74.shtml https://translate.google.com/translate?hl=en&sl=zh-CN&tl=en&u=http%3A%2F%2Fwww.npc.gov.cn%2Fnpc%2Fc30834%2F201910%2F6f7be7dd5ae5459a8de8baf36296bc74.shtml https://www.lexblog.com/2019/10/31/china-enacts-encryption-law/ https://www.uscc.gov/sites/default/files/2019-11/November%202019%20Trade%20Bulletin.pdf https://www.scmp.com/news/china/politics/article/3034764/china-hopes-cryptography-law-will-provide-security-and https://www.cov.com/-/media/files/corporate/publications/2019/10/china_enacts_encryption_law.pdf http://www.xinhuanet.com/english/2019-10/26/c_138505655.htm -- "SM2 is a set of elliptic curve based cryptographic algorithms including digital signature, public key encryption and key exchange scheme. In this document, only the SM2 digital signature algorithm is involved" The document seems to define the use of SM2 for key exchange as well -- I don't see why the algorithms are not DTLS-OK Best Regards, John
- [TLS] Comments on draft-yang-tls-tls13-sm-suites-… John Mattsson