[TLS] editorial error in draft-ietf-tls-rfc4492bis-17

Tue, 24 Oct 2017 06:23:02 -0700 

I just noticed a strange inconsistency in section 6 of
draft-ietf-tls-rfc4492bis-17

    https://tools.ietf.org/html/draft-ietf-tls-rfc4492bis-17#section-6

The last of the "must implement 1 of these 4" list of cipher suites at
the end of section 6 is not contained in the table at the beginning of
section 6 above it (instead, it appears in rfc5289 only).

I believe that the last ciphersuites should be changed (which will
provide consistence with the second list entry (the TLSv1.2 MTI cipher suite).


-Martin


       +-----------------------------------------+----------------+
       | CipherSuite                             | Identifier     |
       +-----------------------------------------+----------------+
       | TLS_ECDHE_ECDSA_WITH_NULL_SHA           | { 0xC0, 0x06 } |
       | TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA   | { 0xC0, 0x08 } |
       | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    | { 0xC0, 0x09 } |
       | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA    | { 0xC0, 0x0A } |
       | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | { 0xC0, 0x2B } |
       | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | { 0xC0, 0x2C } |
       |                                         |                |
       | TLS_ECDHE_RSA_WITH_NULL_SHA             | { 0xC0, 0x10 } |
       | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA     | { 0xC0, 0x12 } |
       | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      | { 0xC0, 0x13 } |
       | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA      | { 0xC0, 0x14 } |
       | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   | { 0xC0, 0x2F } |
       | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   | { 0xC0, 0x30 } |
       |                                         |                |
       | TLS_ECDH_anon_WITH_NULL_SHA             | { 0xC0, 0x15 } |
       | TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA     | { 0xC0, 0x17 } |
       | TLS_ECDH_anon_WITH_AES_128_CBC_SHA      | { 0xC0, 0x18 } |
       | TLS_ECDH_anon_WITH_AES_256_CBC_SHA      | { 0xC0, 0x19 } |
       +-----------------------------------------+----------------+


   Server implementations SHOULD support all of the following cipher
   suites, and client implementations SHOULD support at least one of
   them:

   o  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
   o  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
   o  TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+  o  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
-  o  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

Reply via email to