IETF Logo Mail Archive

Re: [TLS] Should CCM_8 CSs be Recommended?

Andrei Popov <Andrei.Popov@microsoft.com> Wed, 04 October 2017 19:11 UTC

Return-Path: <Andrei.Popov@microsoft.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13F17132F65 for <tls@ietfa.amsl.com>; Wed, 4 Oct 2017 12:11:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.03
X-Spam-Level:
X-Spam-Status: No, score=-0.03 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7CqIjYp5_5z8 for <tls@ietfa.amsl.com>; Wed, 4 Oct 2017 12:11:52 -0700 (PDT)
Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-by2nam03on0090.outbound.protection.outlook.com [104.47.42.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 574691321C9 for <tls@ietf.org>; Wed, 4 Oct 2017 12:11:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=wtwd3KeXEVlY968QppbvV6vwiRQQ4amuure/k3yv87s=; b=RRCgFUc9QBYersA/UkW8Tuv45zYg6Zi9JW+DrPVTOrjLO4zGsjy7nsoDXhOsZfNeploLBxldBSofYBTKm/LEL2rIX3MIlvc1PEfQs/5Tz2GddyOX3EPLp88sLFxM8RpkV82AACkfm/SqBkW9rIPljnWqUbRuOqBblLCyVLaX0v0=
Received: from CY4PR21MB0120.namprd21.prod.outlook.com (10.173.189.14) by CY4PR21MB0694.namprd21.prod.outlook.com (10.175.121.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.122.0; Wed, 4 Oct 2017 19:11:09 +0000
Received: from CY4PR21MB0120.namprd21.prod.outlook.com ([10.173.189.14]) by CY4PR21MB0120.namprd21.prod.outlook.com ([10.173.189.14]) with mapi id 15.20.0098.003; Wed, 4 Oct 2017 19:11:09 +0000
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Joseph Salowey <joe@salowey.net>, "Salz, Rich" <rsalz@akamai.com>
CC: "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: [TLS] Should CCM_8 CSs be Recommended?
Thread-Index: AQHTPJqPT+GHjzxlpkeYJKt8a1yd1qLTlvOAgABwt4CAAAdIUA==
Date: Wed, 04 Oct 2017 19:11:08 +0000
Message-ID: <CY4PR21MB0120E62327D33AD536BDD72E8C730@CY4PR21MB0120.namprd21.prod.outlook.com>
References: <CA26DC83-9524-4CDA-910A-7FDCBF73F849@sn3rd.com> <A77ED838-9A38-41AB-B063-FC6BE6996373@akamai.com> <CAOgPGoAH_-i8dpX0Df=bcrS9t_LMi0N+6T-tpr+ybkA3sfn8tg@mail.gmail.com>
In-Reply-To: <CAOgPGoAH_-i8dpX0Df=bcrS9t_LMi0N+6T-tpr+ybkA3sfn8tg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [2001:4898:80e8:8::4ca]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY4PR21MB0694; 6:WKZWFHvTyIWNOOvqwRqv6NoqJlP38OYO+uITEEKz4HNMNmuas1ZC3k2I2ZkbbSiIfI/h7lhiIZdJklOyBv4oh1GsgvSfKA1coKDreX7UQb62XBJoRD1XzQQjwpBiGbenCqfOnILvJCxoRt5aoNrhJZy1LxWyCMWDF/JF7xjpgh8Lygj2Y8fan2C/3IZ555HXh/6mM06QvLPa6RJROV09PsGgZEDJFoY3VNNjtEi6OIlGwnLj9J/59XviU3Vmm+Nw6irpl5yx8IADVuflWdXi0SY/FajQHiMRrH6wpM7wbCIFXqCms2z1eYdOsvzz7dyUJok5s/LVmpcgWzh8nyVSAQ==; 5:84cmN7jc6kuXp7HPBikIQn65tQYZcTabr8ZfzSM+b7D+/g5B/nPeavPxE0q/vM8n2iq5DdwOLhOVxchSxonifYeS3TODHc5NvQVWMPTIzptciZbbCEQQVDjotLPL/loxll1LeR1e8fsT2tnCdE1SQw==; 24:v9x5r3S57ExAD2CnnxToXyUEOt4Dpw+K0JwG1n2AaQ+hW5rxO5oZLvP2HQ1kQXzVWBRVguF3pZJDWkbpq6hclH2J1AmeSqYpvg02Av8u9ow=; 7:SVlsud1g0FKjLnaCaaqV0NxyA2fjhrpCvKAEXT8lX+bHfcPjK9B8FdbaXiKSbS+C8jiDEnX8sMo+mZgEaEB76i7BjxBDySk0DsGYCI0gfw/vzPZvrmn2ADkNOjPkXgSA8vB/s7hRLlU4SCa1ZIxrr/j+64DfiqQY1AyXK9IIyxb4PYezqqHEXAvHj9WIIVxuQaPuBUCAIVgtMzgk9Q1MFxHqhp96h+Xi8IlP2RrrLQ4=
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: d2ac9a11-fda3-49f6-2ad1-08d50b5bab8d
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254152)(48565401081)(2017052603199)(201703131423075)(201703031133081)(201702281549075); SRVR:CY4PR21MB0694;
x-ms-traffictypediagnostic: CY4PR21MB0694:
x-exchange-antispam-report-test: UriScan:(189930954265078)(100405760836317)(219752817060721)(21748063052155);
x-microsoft-antispam-prvs: <CY4PR21MB0694449DAE308EC79FCEAAE48C730@CY4PR21MB0694.namprd21.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(61425038)(6040450)(2401047)(8121501046)(5005006)(93006095)(93001095)(100000703101)(100105400095)(12181511122)(3002001)(10201501046)(6055026)(61426038)(61427038)(6041248)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(20161123564025)(20161123560025)(20161123555025)(20161123562025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:CY4PR21MB0694; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:CY4PR21MB0694;
x-forefront-prvs: 0450A714CB
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(346002)(39860400002)(47760400005)(199003)(377454003)(24454002)(189002)(76104003)(7736002)(97736004)(2950100002)(76176999)(50986999)(54356999)(7696004)(19609705001)(106356001)(3280700002)(10290500003)(3660700001)(8936002)(53936002)(6306002)(54896002)(4326008)(966005)(33656002)(606006)(9686003)(2900100001)(105586002)(5660300001)(8676002)(55016002)(102836003)(74316002)(86362001)(72206003)(236005)(316002)(189998001)(229853002)(22452003)(14454004)(77096006)(99286003)(478600001)(6116002)(53546010)(10090500001)(6436002)(2906002)(68736007)(81166006)(25786009)(110136005)(790700001)(8990500004)(81156014)(6506006)(101416001)(6246003)(86612001); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR21MB0694; H:CY4PR21MB0120.namprd21.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Andrei.Popov@microsoft.com;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_CY4PR21MB0120E62327D33AD536BDD72E8C730CY4PR21MB0120namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d2ac9a11-fda3-49f6-2ad1-08d50b5bab8d
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Oct 2017 19:11:08.9003 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR21MB0694
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/zQYW15yvQrQg6CE1otM1TODGeyA>
Subject: Re: [TLS] Should CCM_8 CSs be Recommended?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Oct 2017 19:11:55 -0000

It seems that CCM_8 falls in the “limited applicability” bucket. However, there’s nothing wrong with IoT specs requiring these ciphers in their TLS profiles.

Cheers,

Andrei

From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Joseph Salowey
Sent: Wednesday, October 4, 2017 11:42 AM
To: Salz, Rich <rsalz@akamai.com>
Cc: <tls@ietf.org> <tls@ietf.org>
Subject: Re: [TLS] Should CCM_8 CSs be Recommended?

The current editor's copy of the draft has the following text about the recommended column:


The instructions in this document add a recommended column to many of the TLS registries to indicate parameters that are generally recommended for implementations to support. Adding a recommended parameter to a registry or updating a parameter to recommended status requires standards action. Not all parameters defined in standards track documents need to be marked as recommended.

If an item is marked as not recommended it does not necessarily mean that it is flawed, rather, it indicates that either the item has not been through the IETF consensus process or the item has limited applicability to specific cases.

On Wed, Oct 4, 2017 at 4:58 AM, Salz, Rich <rsalz@akamai.com<mailto:rsalz@akamai.com>> wrote:
➢  We’re recommending that these five suites be dropped from the recommended list.  Please let us know what you think.


Does “recommended” mean for general use, in the public Internet?  Or is it “I know it when I see it” kind of thing?

Either way, I support un-recommending them

_______________________________________________
TLS mailing list
TLS@ietf.org<mailto:TLS@ietf.org>
https://www.ietf.org/mailman/listinfo/tls<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Ftls&data=02%7C01%7CAndrei.Popov%40microsoft.com%7Cd45d59ecd00a42ed5d8c08d50b57a4ce%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636427393411700505&sdata=hHQFFOVxYxpz0uibh1EQjhzOZVlhIE5nW8cX5Uvd3Bo%3D&reserved=0>

v2.23.0 | Report a Bug | By Email