Anybody else has thoughts on this? spt
> On Oct 3, 2017, at 18:53, Sean Turner <s...@sn3rd.com> wrote: > > In the IANA registries draft > (https://github.com/tlswg/draft-ietf-tls-iana-registry-updates), we’ve added > a recommended column to the Cipher Suites (CSs) registry (and some others). > Right now, the criteria for getting a recommended mark is AEAD ciphers with > strong authentication standards track ciphers. While that’s great generally, > the list we’ve got five CSs that gave Joe and I pause: > > TLS_DHE_RSA_WITH_AES_128_CCM_8 > TLS_DHE_RSA_WITH_AES_256_CCM_8 > TLS_PSK_DHE_WITH_AES_128_CCM_8 > TLS_PSK_DHE_WITH_AES_256_CCM_8 > TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 > > The CCM_8 CSs have a significantly truncated authentication tag that > represents a security trade-off that may not be appropriate for general > environment. In other words, this might be great for some IoT device but we > should not generally be recommending these. > > We’re recommending that these five suites be dropped from the recommended > list. Please let us know what you think. > > J&S > (editor hats on) _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
