[TLS] FYI: discussion on TLS 1.2 SignatureAlgorithm IANA allocation
Benjamin Kaduk <kaduk@mit.edu> Thu, 12 August 2021 05:52 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 976293A3758 for <tls@ietfa.amsl.com>; Wed, 11 Aug 2021 22:52:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.498
X-Spam-Level:
X-Spam-Status: No, score=-1.498 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, KHOP_HELO_FCRDNS=0.399, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K10F9aT58bz5 for <tls@ietfa.amsl.com>; Wed, 11 Aug 2021 22:52:04 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7BA623A3756 for <tls@ietf.org>; Wed, 11 Aug 2021 22:52:04 -0700 (PDT)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 17C5pveT000886 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <tls@ietf.org>; Thu, 12 Aug 2021 01:52:02 -0400
Date: Wed, 11 Aug 2021 22:51:56 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: tls@ietf.org
Message-ID: <20210812055156.GM50759@kduck.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/vYUHy34qeA-TBrlTlUA2DoLC0BQ>
Subject: [TLS] FYI: discussion on TLS 1.2 SignatureAlgorithm IANA allocation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Aug 2021 05:52:12 -0000
Hi all, I recently did an RFC 5742 conflict review of a document that is allocating new cipher suites for TLS 1.2 and also needs new signature algorithms. The document currently requests two allocations from the old TLS 1.2 SignatureAlgorithm registry that TLS 1.3 replaced with the two-octet SignatureScheme registry. (Actually, the registrations have been live for 2.5 years but the document is just getting ready for publication as an RFC now.) I tried to summarize the history and WG intent at the time of RFCs 8446/8447 in a note to tls-reg-review (https://mailarchive.ietf.org/arch/msg/tls-reg-review/1RJOKg9Cnt1PHS-iOC5sOOt5aeE/) and wanted to send a heads-up here in case I'm misrepresenting history and/or WG intent. Please send any follow-ups to me directly; I will collate and report back if it turns out that I did get things wrong. -Ben
- [TLS] FYI: discussion on TLS 1.2 SignatureAlgorit… Benjamin Kaduk