IETF Logo Mail Archive

Re: [TLS] call for consensus: changes to IANA registry rules for cipher suites

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 31 March 2016 17:51 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D45B612D5D2 for <tls@ietfa.amsl.com>; Thu, 31 Mar 2016 10:51:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level:
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AQG4iVX8tPIP for <tls@ietfa.amsl.com>; Thu, 31 Mar 2016 10:51:50 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DFA5E12D142 for <tls@ietf.org>; Thu, 31 Mar 2016 10:51:48 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 0B545BE3F; Thu, 31 Mar 2016 18:51:47 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8dkS1H1mlNna; Thu, 31 Mar 2016 18:51:45 +0100 (IST)
Received: from [10.87.49.100] (unknown [86.46.30.32]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id EC6D3BE2D; Thu, 31 Mar 2016 18:51:44 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1459446705; bh=W3wh3HzL5uM7k/QXzdOy8+OLparFzOyMCPbZo6mltB0=; h=Subject:To:References:From:Date:In-Reply-To:From; b=RFae/DeT3nhkKU/OgR3EF5HIwbgW7Q8kf9lEgled2xIQs8i8D2DmyQw1xZn1fNVVl +lZ+GLzZlLiHAjMZt0az3z0uhMJavu+NMT6vIkjXYnjiHjJ+YbQX+btihJ4qhC8gOc 91Fknixfl9Ahq4X8a1AoCAu0UuuKFX7s4gaolUSU=
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "Salz, Rich" <rsalz@akamai.com>, "Kaduk, Ben" <bkaduk@akamai.com>, "<tls@ietf.org>" <tls@ietf.org>
References: <20DDE657-E1A9-4705-936D-40673294C4EB@sn3rd.com> <56FD2A0A.1050607@gmx.net> <56FD4A42.2080100@akamai.com> <56FD4E32.5060409@gmx.net> <56FD55E3.9060605@akamai.com> <56FD599D.2040206@gmx.net> <56FD5B00.3090007@akamai.com> <ca13e48abd8042c38bc2116bd5574f85@usma1ex-dag1mb1.msg.corp.akamai.com> <56FD5CFC.8090508@gmx.net> <9ed6f4205baf4602857b3c4539fc1941@usma1ex-dag1mb1.msg.corp.akamai.com> <56FD610F.10301@gmx.net>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <56FD63B0.2070205@cs.tcd.ie>
Date: Thu, 31 Mar 2016 18:51:44 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <56FD610F.10301@gmx.net>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="QdkEhdxaqrHMIh5m0Pumf1CsEISX3p4r9"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/tcUJhQMUx5vH7yDL9Fn-2elXzEQ>
Subject: Re: [TLS] call for consensus: changes to IANA registry rules for cipher suites
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Mar 2016 17:51:53 -0000

If smaller devices don't use algorithms that can be used to talk to
random servers on the Internet, then they are choosing to not try to
get interop. That seems like a shame to me, unless there's a really
good reason and IMO, mostly there isn't, at the ciphersuite level. I
would hope we all won't make the GCM/CCM mistake again for example
(that "we" being roughly some combination of IETF/IEEE folks).

So I think the proposed change here, if it leads to fewer but more
ubiquitously deployed ciphersuites, will help smaller devices. And I
do think the IETF recommended column might lead us some way in that
direction.

Cheers,
S.

On 31/03/16 18:40, Hannes Tschofenig wrote:
> I can see some value in having this IANA registry list for ciphersuites
> in the way being proposed (even if it may be interpreted differently by
> different audiences). There have been, of course, too many algorithms
> used only in specific countries and those substantially increased the
> ciphersuite list.
> 
> I am just a little bit worried that everything developed for the IoT
> enviroment is quite likely labled as not recommended by the IETF in this
> registry because of the Web focus in this group.
> 
> The JPAKE is the item that we are currently interested in because we
> have contributed to the standardization work related to Thread and the
> stack we had implemented. Of course, the remark that JPAKE might not be
> a good fit for TLS 1.3 may be correct.
> 
> Ciao
> Hannes
> 
> On 03/31/2016 07:25 PM, Salz, Rich wrote:
>>> Interesting idea. You see this IANA registry more as the mandatory to
>>> implement algorithm list (for Web apps).
>>
>> I don't.  But lots of outsiders do, and I know they exert pressure on various projects and TLS/AD "leadership".  I've only had a little bit of it via openssl compared to those folks.
>>
>> --  
>> Senior Architect, Akamai Technologies
>> IM: richsalz@jabber.at Twitter: RichSalz
>>
>>
> 
> 
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

v2.23.0 | Report a Bug | By Email