Re: [Uta] Alissa Cooper's Discuss on draft-ietf-uta-tls-bcp-09: (with DISCUSS and COMMENT)

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 17 February 2015 21:29 UTC


On Tue, Feb 17, 2015 at 4:11 PM, Pete Resnick <presnick@qti.qualcomm.com>
wrote:

> On 2/17/15 2:07 PM, Peter Saint-Andre - &yet wrote:
>
>> On 2/17/15 12:49 PM, Alissa Cooper wrote:
>>
>>> So my question is whether we should consider this document effectively
>>> silent about the choice of cipher suites to be used when we standardize a
>>> new application protocol in the IETF, or an update to an existing
>>> protocol.
>>>
>>
>> If an application protocol wishes to follow the recommendations here,
>> someone needs to write a document that says so.
>>
>
> What about new protocols?


HTTPbis included a blacklist of the registered TLS cipher suites that
should not be used, with one that is on the registered list as MTI.  Is
something like that needed more generally, or is cleanup of the TLS registry
of recommendations needed?
https://datatracker.ietf.org/doc/draft-ietf-httpbis-http2 Section 9.2 and
Appendix A
TLS registry:
http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml

The recommended list in this draft, section 4.2 includes cipher suites that
were all registered for use with TLS 1.2 as far as I can tell.

If this doesn't help, just ignore.

-Kathleen

>
>
>>> That is the impression that I get from the text right now, and
>>> it doesn't quite match the way we've been using/citing the document in
>>> some recent discussions of other drafts.
>>>
>>
>> Do you have examples?
>>
>
> http://tools.ietf.org/html/draft-ietf-paws-protocol-20#section-7
>
> pr
>
> --
> Pete Resnick<http://www.qualcomm.com/~presnick/>
> Qualcomm Technologies, Inc. - +1 (858)651-4478

-- 

Best regards,
Kathleen
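
As an added illustration (not part of the thread, the UTA draft or the HTTPbis draft), the following Python check applies the two criteria behind the HTTP/2 cipher suite black list that Kathleen points at (Section 9.2.2 / Appendix A, as later published in RFC 7540: key exchange must be ephemeral, and the cipher must be an AEAD mode, with TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 mandatory to implement) to a configured list of TLS 1.2 suites. The criteria are my paraphrase of that section, the name parsing is a heuristic over IANA suite names (an assumption, not the registry's own data), and the sample configuration is constructed.

```python
import re

# Mandatory-to-implement suite for HTTP/2 over TLS 1.2 (RFC 7540, Section 9.2.2).
MTI = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"

# Key-exchange prefixes that give ephemeral (forward-secret) key exchange.
# Anything else (static RSA, static DH/ECDH, anon, plain PSK) falls in the
# black list.  Assumption: IANA naming for TLS 1.2 suites; the ephemeral PSK
# variants are treated as ephemeral by this heuristic.
EPHEMERAL_KX = {"DHE_RSA", "DHE_DSS", "ECDHE_RSA", "ECDHE_ECDSA",
                "DHE_PSK", "ECDHE_PSK"}
# Substrings in the cipher part of the name that denote an AEAD mode.
AEAD_TAGS = ("GCM", "CCM", "CHACHA20_POLY1305")

NAME_RE = re.compile(r"^TLS_(?P<kx>.+?)_WITH_(?P<cipher>.+)$")


def blacklist_reasons(suite):
    """Return the Section 9.2.2 criteria a suite violates ([] = acceptable)."""
    m = NAME_RE.match(suite)
    if not m:
        return ["not a recognised TLS 1.2 IANA suite name"]
    reasons = []
    if m.group("kx") not in EPHEMERAL_KX:
        reasons.append("key exchange is not ephemeral/authenticated")
    if not any(tag in m.group("cipher") for tag in AEAD_TAGS):
        reasons.append("cipher is not an AEAD mode")
    return reasons


def audit(configured):
    """Audit a configured suite list.

    Returns (compliant, offenders, has_mti): offenders maps each black-listed
    suite to its reasons; compliant requires no offenders and the MTI present.
    """
    offenders = {s: blacklist_reasons(s) for s in configured
                 if blacklist_reasons(s)}
    has_mti = MTI in configured
    return (has_mti and not offenders), offenders, has_mti


# Constructed sample of a server's enabled suites (not from any real config).
SAMPLE_CONFIG = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",  # MTI, passes
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",    # passes
    "TLS_RSA_WITH_AES_128_GCM_SHA256",        # static RSA key exchange
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",     # CBC, not AEAD
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",          # fails both criteria
]

if __name__ == "__main__":
    compliant, offenders, has_mti = audit(SAMPLE_CONFIG)
    print("MTI present:", has_mti, "| compliant:", compliant)
    for suite, why in offenders.items():
        print(f"  {suite}: {'; '.join(why)}")
```

The same two predicates, run over the full IANA registry export, reproduce the shape of the Appendix A list, which is why the thread asks whether the registry itself should carry the recommendation instead.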