Re: [TLS] call for consensus: changes to IANA registry rules for cipher suites

Yoav Nir <ynir.ietf@gmail.com> Wed, 30 March 2016 20:28 UTC

Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
Content-Type: multipart/signed; boundary="Apple-Mail=_DAE46F9A-20AD-4A90-BFE2-D76009571257"; protocol="application/pgp-signature"; micalg="pgp-sha256"
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <87egarbvic.fsf@alice.fifthhorseman.net>
Date: Wed, 30 Mar 2016 23:26:10 +0300
Message-Id: <F7468161-DC32-47E8-97F9-0680D344115A@gmail.com>
References: <20DDE657-E1A9-4705-936D-40673294C4EB@sn3rd.com> <56FBF1B5.8030906@akamai.com> <8737r8ymrd.fsf@alice.fifthhorseman.net> <20160330192008.GB771@LK-Perkele-V2.elisa-laajakaista.fi> <87egarbvic.fsf@alice.fifthhorseman.net>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/wOE4BJLuWnzez8uN4JtLFbeqM14>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] call for consensus: changes to IANA registry rules for cipher suites
Precedence: list

> On 30 Mar 2016, at 10:44 PM, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
> 
> On Wed 2016-03-30 15:20:08 -0400, Ilari Liusvaara wrote:
>> On Wed, Mar 30, 2016 at 12:05:26PM -0400, Daniel Kahn Gillmor wrote:
>>> On Wed 2016-03-30 11:33:09 -0400, Benjamin Kaduk wrote:
>>>> I am not sure that we want to be in the business of explicitly marking
>>>> things as insecure other than our own RFCs, though -- there could be an
>>>> implication of more review than is actually the case, which is what this
>>>> proposal is trying to get rid of.
>>> 
>>> I think i agree with Ben here: if we have a tri-state:
>>> approved/not-approved/known-bad, then the people will infer that the
>>> not-approved ciphersuites are better than the known-bad ones, which
>>> isn't necessarily the case.
>>> 
>>> I think i'd rather see it stay at "approved/not-approved"
>> 
>> Then how should ciphersuites with explicit diediedie RFCs (currently
>> RC4) be presented?
> 
> i'd say that they are "not-approved", clearly. :)

That brings up another question. How do things move from “approved” to “not-approved”? Does it require a diediedie document? What happens when we decide that 3DES is just too limited and there’s not good reason to use it, but there’s really no security issue with using it?

Yoav

Attachment: signature.asc

[TLS] call for consensus: changes to IANA registr… Sean Turner
Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
Re: [TLS] call for consensus: changes to IANA reg… Yoav Nir
Re: [TLS] call for consensus: changes to IANA reg… Daniel Kahn Gillmor
Re: [TLS] call for consensus: changes to IANA reg… Dmitry Belyavsky
Re: [TLS] call for consensus: changes to IANA reg… Henrick Hellström
Re: [TLS] call for consensus: changes to IANA reg… Benjamin Kaduk
Re: [TLS] call for consensus: changes to IANA reg… Eric Rescorla
Re: [TLS] call for consensus: changes to IANA reg… Henrick Hellström
Re: [TLS] call for consensus: changes to IANA reg… Daniel Kahn Gillmor
Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
Re: [TLS] call for consensus: changes to IANA reg… Yoav Nir
Re: [TLS] call for consensus: changes to IANA reg… Sean Turner
Re: [TLS] call for consensus: changes to IANA reg… Sean Turner
Re: [TLS] call for consensus: changes to IANA reg… Ilari Liusvaara
Re: [TLS] call for consensus: changes to IANA reg… Daniel Kahn Gillmor
Re: [TLS] call for consensus: changes to IANA reg… Yoav Nir
Re: [TLS] call for consensus: changes to IANA reg… Dave Garrett
Re: [TLS] call for consensus: changes to IANA reg… Benjamin Kaduk
Re: [TLS] call for consensus: changes to IANA reg… Bill Frantz
Re: [TLS] call for consensus: changes to IANA reg… Rick van Rein
Re: [TLS] call for consensus: changes to IANA reg… Stephen Farrell
Re: [TLS] call for consensus: changes to IANA reg… Eric Rescorla
Re: [TLS] call for consensus: changes to IANA reg… Stephen Farrell
Re: [TLS] call for consensus: changes to IANA reg… Martin Thomson
Re: [TLS] call for consensus: changes to IANA reg… Rick van Rein
Re: [TLS] call for consensus: changes to IANA reg… Hannes Tschofenig
Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
Re: [TLS] call for consensus: changes to IANA reg… Dang, Quynh (Fed)
Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
Re: [TLS] call for consensus: changes to IANA reg… Benjamin Kaduk
Re: [TLS] call for consensus: changes to IANA reg… Hannes Tschofenig
Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
Re: [TLS] call for consensus: changes to IANA reg… Benjamin Kaduk
Re: [TLS] call for consensus: changes to IANA reg… Hannes Tschofenig
Re: [TLS] call for consensus: changes to IANA reg… Benjamin Kaduk
Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
Re: [TLS] call for consensus: changes to IANA reg… Eric Rescorla
Re: [TLS] call for consensus: changes to IANA reg… Hannes Tschofenig
Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
Re: [TLS] call for consensus: changes to IANA reg… Hannes Tschofenig
Re: [TLS] call for consensus: changes to IANA reg… Eric Rescorla
Re: [TLS] call for consensus: changes to IANA reg… Stephen Farrell
Re: [TLS] call for consensus: changes to IANA reg… Rick van Rein
Re: [TLS] call for consensus: changes to IANA reg… Andrei Popov
Re: [TLS] call for consensus: changes to IANA reg… Dan Harkins
Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
Re: [TLS] call for consensus: changes to IANA reg… Dan Harkins
Re: [TLS] call for consensus: changes to IANA reg… Dan Harkins
Re: [TLS] call for consensus: changes to IANA reg… Watson Ladd
Re: [TLS] call for consensus: changes to IANA reg… Salz, Rich
Re: [TLS] call for consensus: changes to IANA reg… Dan Harkins
Re: [TLS] call for consensus: changes to IANA reg… Peter Gutmann
Re: [TLS] call for consensus: changes to IANA reg… Watson Ladd
Re: [TLS] call for consensus: changes to IANA reg… Peter Gutmann
Re: [TLS] call for consensus: changes to IANA reg… Phil Lello
Re: [TLS] call for consensus: changes to IANA reg… Kaduk, Ben
Re: [TLS] call for consensus: changes to IANA reg… Dan Harkins
Re: [TLS] call for consensus: changes to IANA reg… Phil Lello
Re: [TLS] call for consensus: changes to IANA reg… Dan Harkins
Re: [TLS] call for consensus: changes to IANA reg… Adam Langley
Re: [TLS] call for consensus: changes to IANA reg… Peter Gutmann
Re: [TLS] call for consensus: changes to IANA reg… Adam Langley
Re: [TLS] call for consensus: changes to IANA reg… Dan Harkins
Re: [TLS] call for consensus: changes to IANA reg… Aaron Zauner
Re: [TLS] call for consensus: changes to IANA reg… Sean Turner
Re: [TLS] call for consensus: changes to IANA reg… Dang, Quynh (Fed)
Re: [TLS] call for consensus: changes to IANA reg… Sean Turner

Re: [TLS] call for consensus: changes to IANA registry rules for cipher suites

Attachment: signature.asc