[TLS] Reserve or close HashAlgorithm and SignatureAlgorithm registries?

Sean Turner <sean@sn3rd.com> Fri, 04 May 2018 19:54 UTC

From: Sean Turner <sean@sn3rd.com>
Date: Fri, 04 May 2018 15:54:03 -0400
To: TLS WG <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/zFywXFPO6nvcLMtQBEBQ1K4HlBs>
Subject: [TLS] Reserve or close HashAlgorithm and SignatureAlgorithm registries?

The open issue in draft-ietf-tls-iana-registry-updates is whether we should close the registries or simply reserve the remaining values.  I’ve submitted the following PR to simply reserve the values and point to the SignatureScheme registry for 1.3 values:
I did this because a) closing a registry is really just symbolic; a draft (or the IESG) can later reopen the registry, and b) at least one person has indicated they might want code points for a TLS 1.2 implementation.  Regardless of what we do, we should point to the SignatureScheme registry for 1.3, but I just don’t really see the point in “closing” the registry.  If this PR makes you really sad, please let us know.

Please note that the gh editor’s copy also includes the IESG-related changes.  I’d characterize most of them as good catches (e.g., cached_info was missing) and consistency (e.g., some of the DE language was not consistent).

I’d also like to point out that IANA specifically asked about the DE doing such a minimal review and we let them know that yes in some cases it was going to be just that.  But, this also made us consider adding the text that was in the security considerations and elsewhere to every DE-related note.  It is clearer now what the DE will do in the notes in case people don’t want to take the time to review this draft, which is actually what I think happens in most cases.