On Thu, Jul 23, 2015 at 06:06:04PM +0100, Stephen Farrell wrote:
>
>
> On 23/07/15 16:43, Dave Garrett wrote:
> > We should just get more serious about banning old crap entirely to
> > make dangerous misconfiguration impossible for TLS 1.3+
> > implementations.
> >
> > Right now, the restrictions section prohibits: RC4, SSL2/3, &
> > EXPORT/NULL entirely (via min bits) and has "SHOULD" use TLS 1.3+
> > compatible with TLS 1.2, if available
>
> A suggestion - could we remove mention of anything that
> is not a MUST or SHOULD ciphersuite from the TLS1.3 document
> and then have someone write a separate draft that adds a
> column to the registry where we can mark old crap as
> deprecated?

Checked the ciphersuite registry. Of 316 negotiable ciphers, marking
everything that doesn't work in TLS 1.3 or is a DSS ciphersuite (nobody
uses that) would leave 52 ciphersuites undeprecated.

Unfortunately, completing the various sets could add up to 31 new
ciphersuites... :-/

Flags:
A => Anonymous (6+8)
D => Dubious use (6+1). I guess IoT devices don't appreciate FFDHE.
F => FFDHE (26+3)
I => IoT focus (18+12)
N => New signature type (0+11), merging would take bending TLS 1.2 rules.
R => RSA signature type with ECDHE (6+1)
V => Vanity (24+8)

The 52 are:

--F-- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
--F-- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
A-F-- TLS_DH_anon_WITH_AES_128_GCM_SHA256
A-F-- TLS_DH_anon_WITH_AES_256_GCM_SHA384
----- TLS_PSK_WITH_AES_128_GCM_SHA256
----- TLS_PSK_WITH_AES_256_GCM_SHA384
-DFI- TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
-DFI- TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
----- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
----- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
----R TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
----R TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
--FV- TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
--FV- TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
A-FV- TLS_DH_anon_WITH_ARIA_128_GCM_SHA256
A-FV- TLS_DH_anon_WITH_ARIA_256_GCM_SHA384
---V- TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
---V- TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
---VR TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
---VR TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
---V- TLS_PSK_WITH_ARIA_128_GCM_SHA256
---V- TLS_PSK_WITH_ARIA_256_GCM_SHA384
-DFV- TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256
-DFV- TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384
--FV- TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
--FV- TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
A-FV- TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256
A-FV- TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384
---V- TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
---V- TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
---VR TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
---VR TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
---V- TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
---V- TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
-DFV- TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
-DFV- TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
-DFI- TLS_DHE_RSA_WITH_AES_128_CCM
-DFI- TLS_DHE_RSA_WITH_AES_256_CCM
-DFI- TLS_DHE_RSA_WITH_AES_128_CCM_8
-DFI- TLS_DHE_RSA_WITH_AES_256_CCM_8
---I- TLS_PSK_WITH_AES_128_CCM
---I- TLS_PSK_WITH_AES_256_CCM
-DFI- TLS_DHE_PSK_WITH_AES_128_CCM
-DFI- TLS_DHE_PSK_WITH_AES_256_CCM
---I- TLS_PSK_WITH_AES_128_CCM_8
---I- TLS_PSK_WITH_AES_256_CCM_8
-DFI- TLS_PSK_DHE_WITH_AES_128_CCM_8
-DFI- TLS_PSK_DHE_WITH_AES_256_CCM_8
---I- TLS_ECDHE_ECDSA_WITH_AES_128_CCM
---I- TLS_ECDHE_ECDSA_WITH_AES_256_CCM
---I- TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
---I- TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8

And the new 31 would be:

----R TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
----- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
--F-- TLS_DHE_RSA_WITH_CHACHA20_POLY1305
----- TLS_PSK_WITH_CHACHA20_POLY1305
---I- TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305
-DFI- TLS_DHE_PSK_WITH_CHACHA20_POLY1305
---I- TLS_ECDHE_PSK_WITH_AES_128_GCM
---I- TLS_ECDHE_PSK_WITH_AES_256_GCM
---I- TLS_ECDHE_PSK_WITH_AES_128_CCM_8
---I- TLS_ECDHE_PSK_WITH_AES_256_CCM_8
---I- TLS_ECDHE_PSK_WITH_AES_128_CCM
---I- TLS_ECDHE_PSK_WITH_AES_256_CCM
A---- TLS_ECDH_anon_WITH_AES_128_GCM_SHA256
A---- TLS_ECDH_anon_WITH_AES_256_GCM_SHA384
A--V- TLS_ECDH_anon_WITH_ARIA_128_GCM_SHA256
A--V- TLS_ECDH_anon_WITH_ARIA_256_GCM_SHA384
A--V- TLS_ECDH_anon_WITH_CAMELLIA_128_GCM_SHA256
A--V- TLS_ECDH_anon_WITH_CAMELLIA_256_GCM_SHA384
A---- TLS_ECDH_anon_WITH_CHACHA20_POLY1305
A-F-- TLS_DH_anon_WITH_CHACHA20_POLY1305
----N TLS_ECDHE_ECIDSA_WITH_AES_128_GCM_SHA256
----N TLS_ECDHE_ECIDSA_WITH_AES_256_GCM_SHA384
---VN TLS_ECDHE_ECIDSA_WITH_ARIA_128_GCM_SHA256
---VN TLS_ECDHE_ECIDSA_WITH_ARIA_256_GCM_SHA384
---VN TLS_ECDHE_ECIDSA_WITH_CAMELLIA_128_GCM_SHA256
---VN TLS_ECDHE_ECIDSA_WITH_CAMELLIA_256_GCM_SHA384
---IN TLS_ECDHE_ECIDSA_WITH_AES_128_CCM
---IN TLS_ECDHE_ECIDSA_WITH_AES_256_CCM
---IN TLS_ECDHE_ECIDSA_WITH_AES_128_CCM_8
---IN TLS_ECDHE_ECIDSA_WITH_AES_256_CCM_8
----N TLS_ECDHE_ECIDSA_WITH_CHACHA20_POLY1305

-Ilari
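
Added example, not part of Ilari's message or of any TLS implementation: a Python filter that applies the deprecation criterion above to a configured suite list and derives the flags that follow from the name alone (A, F, N, R, V). It assumes "doesn't work in TLS 1.3" means a non-AEAD cipher or a static RSA/DH/ECDH key exchange; D and I are judgement calls in the message and are not derived, and the function names and sample list are hypothetical.

```python
import re

# Assumption: "works in TLS 1.3" = AEAD bulk cipher and a key exchange that is
# not static RSA/DH/ECDH; DSS suites are dropped, as the message proposes.
AEAD = re.compile(r"(?:^|_)(?:GCM|CCM|CCM_8|CHACHA20_POLY1305)(?:_SHA\d+)?$")
STATIC_OR_DSS = {"RSA", "RSA_PSK", "DH_RSA", "DH_DSS",
                 "ECDH_RSA", "ECDH_ECDSA", "DHE_DSS"}

def classify(name):
    """Return (keep, flags) for an IANA-style ciphersuite name."""
    kx, sep, cipher = name[len("TLS_"):].partition("_WITH_")
    if not name.startswith("TLS_") or not sep:
        raise ValueError(f"not a ciphersuite name: {name!r}")
    keep = bool(AEAD.search(cipher)) and kx not in STATIC_OR_DSS
    flags = ""
    if kx.endswith("_anon"):                # A: no peer authentication
        flags += "A"
    if re.match(r"DHE?_|PSK_DHE$", kx):     # F: finite-field DH key exchange
        flags += "F"
    if "ECIDSA" in kx:                      # N: signature name used in the message
        flags += "N"
    if kx == "ECDHE_RSA":                   # R: RSA signatures with ECDHE
        flags += "R"
    if re.search(r"ARIA|CAMELLIA", cipher): # V: national ("vanity") ciphers
        flags += "V"
    return keep, flags

def audit(configured):
    """Split a configured suite list into kept (with flags) and deprecated."""
    report = {"keep": {}, "deprecate": []}
    for name in configured:
        keep, flags = classify(name)
        if keep:
            report["keep"][name] = flags
        else:
            report["deprecate"].append(name)
    return report

# Constructed sample: a hypothetical server list built from registry names.
SAMPLE = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",             # CBC and static RSA
    "TLS_RSA_WITH_AES_128_GCM_SHA256",          # AEAD, but static RSA
    "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",      # DSS
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",    # forward secret, but CBC
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384",
    "TLS_PSK_DHE_WITH_AES_128_CCM_8",           # registry spells it PSK_DHE
]

if __name__ == "__main__":
    result = audit(SAMPLE)
    for suite, flags in result["keep"].items():
        print(f"keep      {flags or '-':4} {suite}")
    for suite in result["deprecate"]:
        print(f"deprecate      {suite}")
```

Anonymous suites pass the filter because the message keeps them in its list of 52; a deployment audit would normally reject anything carrying the A flag as well.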