Generally I tend to agree we should remove these, but as Jim said, there are reasons where I guess they make sense. Could we add a "Special Circumstances" marking?
-Ekr On Tue, Oct 3, 2017 at 3:53 PM, Sean Turner <s...@sn3rd.com> wrote: > In the IANA registries draft (https://github.com/tlswg/ > draft-ietf-tls-iana-registry-updates), we’ve added a recommended column > to the Cipher Suites (CSs) registry (and some others). Right now, the > criteria for getting a recommended mark is AEAD ciphers with strong > authentication standards track ciphers. While that’s great generally, the > list we’ve got five CSs that gave Joe and I pause: > > TLS_DHE_RSA_WITH_AES_128_CCM_8 > TLS_DHE_RSA_WITH_AES_256_CCM_8 > TLS_PSK_DHE_WITH_AES_128_CCM_8 > TLS_PSK_DHE_WITH_AES_256_CCM_8 > TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 > > The CCM_8 CSs have a significantly truncated authentication tag that > represents a security trade-off that may not be appropriate for general > environment. In other words, this might be great for some IoT device but > we should not generally be recommending these. > > We’re recommending that these five suites be dropped from the recommended > list. Please let us know what you think. > > J&S > (editor hats on) > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
