Hi Rich,

New suggestion for Specification Required: Items violating the security properties shall be marked as D. Otherwise N.

It is not hard to see that e.g., NULL encryption violates the properties. The alternative is that someone afterwards needs to write a standards track draft and progress that through the IETF. As an author of such a draft I would rather not have to do that work. I would much rather help evaluate whether an item violates the properties before registration.

https://datatracker.ietf.org/doc/draft-mattsson-tls-psk-ke-dont-dont-dont/

Cheers,
John

Sent from Outlook for iOS

________________________________
From: Salz, Rich <rsalz=40akamai....@dmarc.ietf.org>
Sent: Saturday, January 28, 2023 6:17 PM
To: John Mattsson <john.matts...@ericsson.com>; TLS@ietf.org <tls@ietf.org>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-rfc8447bis-02.txt

As one of the designated experts, I would rather not make that judgement call. It’s enough to verify that there is documentation and it is possible to implement from that documentation.

From: John Mattsson <john.mattsson=40ericsson....@dmarc.ietf.org>
Date: Saturday, January 28, 2023 at 11:57 AM
To: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-rfc8447bis-02.txt

Hi,

The current document states that setting the Recommended item to "D" requires Standards Action. I think the designated experts should be given the ability to mark Specification Required registrations as “D” Discouraged. In particular, I think the designated experts should mark anything that violates the security properties described in Appendix F of RFC 8446 as Discouraged, but I think the experts should be given the ability to mark anything they think “might result in problems if they are used, such as a weak cryptographic algorithm or a mechanism that might cause interoperability problems in deployment.” as “D” Discouraged.

Cheers,
John

From: TLS <tls-boun...@ietf.org> on behalf of John Mattsson <john.mattsson=40ericsson....@dmarc.ietf.org>
Date: Thursday, 12 January 2023 at 07:09
To: tls@ietf.org <tls@ietf.org>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-rfc8447bis-02.txt

Hi,

I really like the updates to the Recommended column. Making "Y" normative RECOMMENDED and introducing "D" seem like great changes. Good job!

Some high level comments/questions/suggestions
-----------------------------

- It is very hard to understand from the TLS Cipher Suites registry which cipher suites can be used in TLS 1.3. I think it would be good to introduce a TLS 1.3 column.
- Should TLS versions (0x0304, 0x303, ...) and their Recommended status be added as a new registry? I think that would be good.
- Maybe rename "DTLS-OK" to "DTLS"? md5 can e.g. be used in DTLS but is not OK to use in DTLS.
- How does one find information on which parameters are QUIC-OK?

Comments on current text:
-----------------------------

- "undertaken as part of the TLS 1.3 development process."

  The abstract should be updated. The part above could be removed.

I think the IANA policies need more work. See some examples below:

- "Setting the Recommended item to "Y" or "D" or changing a item whose current value is "Y" or "D" requires Standards Action [RFC8126]."

  This seems redundant as there is a sentence below it that says the same thing in a much better way: “Changing the Recommended status of an item in a Standards Track RFC requires Standards Action [RFC8126].”

- "Adding a value Y to the "Recommended" column requires Standards Action {{RFC8126}}."

  Seems to be different from the general rule above.

- "IESG Approval is REQUIRED for a Y->N transition."

  Also Y->D I assume.

Cheers,
John

From: TLS <tls-boun...@ietf.org> on behalf of internet-dra...@ietf.org <internet-dra...@ietf.org>
Date: Monday, 24 October 2022 at 18:32
To: i-d-annou...@ietf.org <i-d-annou...@ietf.org>
Cc: tls@ietf.org <tls@ietf.org>
Subject: [TLS] I-D Action: draft-ietf-tls-rfc8447bis-02.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Transport Layer Security WG of the IETF.

        Title           : IANA Registry Updates for TLS and DTLS
        Authors         : Joe Salowey
                          Sean Turner
        Filename        : draft-ietf-tls-rfc8447bis-02.txt
        Pages           : 22
        Date            : 2022-10-23

Abstract:
   This document describes a number of changes to TLS and DTLS IANA registries that range from adding notes to the registry all the way to changing the registration policy. These changes were mostly motivated by WG review of the TLS- and DTLS-related registries undertaken as part of the TLS 1.3 development process. This document obsoletes RFC 8447 and updates the following RFCs: 3749, 5077, 4680, 5246, 5705, 5878, 6520, and 7301.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-tls-rfc8447bis/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-tls-rfc8447bis-02.html

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-rfc8447bis-02

Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
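The kind of evaluation John proposes (checking a registered cipher suite against the RFC 8446 Appendix F properties, and answering the "which suites are TLS 1.3" question from the registry's value range rather than from a column the registry lacks) can be partly mechanised. The following is an added Python example, not code from the thread or from the rfc8447bis draft. The registry rows are constructed sample rows in the layout of the IANA "TLS Cipher Suites" CSV export (Value, Description, DTLS-OK, Recommended, Reference; the layout and the Recommended values are assumptions here, so check the live registry), and the property checks are name-based heuristics of this example, useful for a first pass over a registry or a server's configured suite list, not a substitute for reading the referenced specification.

```python
import csv
import io

# Constructed sample rows in the layout of the IANA TLS Cipher Suites CSV export.
# The assignments are well-known values, but the Recommended column is an
# assumption of this example; consult the live registry before relying on it.
SAMPLE_REGISTRY_CSV = """Value,Description,DTLS-OK,Recommended,Reference
"0x00,0x00",TLS_NULL_WITH_NULL_NULL,Y,N,[RFC5246]
"0x00,0x2F",TLS_RSA_WITH_AES_128_CBC_SHA,Y,N,[RFC5246]
"0x00,0x3B",TLS_RSA_WITH_NULL_SHA256,Y,N,[RFC5246]
"0x13,0x01",TLS_AES_128_GCM_SHA256,Y,Y,[RFC8446]
"0x13,0x02",TLS_AES_256_GCM_SHA384,Y,Y,[RFC8446]
"0x13,0x05",TLS_AES_128_CCM_8_SHA256,Y,N,[RFC8446]
"0xC0,0x2B",TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,Y,Y,[RFC5289]
"0xC0,0xAC",TLS_ECDHE_ECDSA_WITH_AES_128_CCM,Y,Y,[RFC7251]
"""


def parse_value(value_field):
    """Turn the registry's '0x13,0x01' value field into a pair of ints."""
    hi, lo = value_field.split(",")
    return int(hi, 16), int(lo, 16)


def is_tls13_suite(hi, lo):
    """TLS 1.3 suites occupy 0x13,0x01 .. 0x13,0x05 and are named TLS_<AEAD>_<HASH>;
    the registry has no column saying so, which is the gap John points at."""
    return hi == 0x13 and 1 <= lo <= 5


def security_issues(description):
    """Return the Appendix F properties a suite name visibly violates.

    Heuristic, name-based checks (an assumption of this example):
    TLS 1.2-style names are TLS_<KEX>_WITH_<CIPHER>_<MAC>; TLS 1.3 names carry
    no key exchange, so forward secrecy is a property of the handshake mode
    (see draft-mattsson-tls-psk-ke-dont-dont-dont) and is not judged here.
    """
    issues = []
    if "_WITH_" in description:
        kex, bulk = description.split("_WITH_", 1)
    else:
        kex, bulk = "", description[len("TLS_"):]
    bulk_tokens = bulk.split("_")
    kex_tokens = kex.split("_")
    if bulk_tokens[0] == "NULL":
        issues.append("no confidentiality (NULL cipher)")
    if bulk_tokens[-1] == "NULL":
        issues.append("no integrity (NULL MAC)")
    if kex:
        if "anon" in kex_tokens or kex == "TLS_NULL":
            issues.append("no peer authentication (anonymous key exchange)")
        elif not ({"DHE", "ECDHE"} & set(kex_tokens)):
            issues.append("no forward secrecy (static key exchange)")
    return issues


def audit(registry_csv):
    """Parse registry rows and annotate each with TLS 1.3 status and issues."""
    rows = []
    for rec in csv.DictReader(io.StringIO(registry_csv)):
        hi, lo = parse_value(rec["Value"])
        rows.append({
            "value": f"0x{hi:02X},0x{lo:02X}",
            "name": rec["Description"],
            "tls13": is_tls13_suite(hi, lo),
            "recommended": rec["Recommended"],
            "issues": security_issues(rec["Description"]),
        })
    return rows


def discouraged_candidates(rows):
    """Items that, under the proposal in the thread, would be marked D rather
    than N: registered, not Recommended, and visibly violating a property."""
    return [r["name"] for r in rows if r["recommended"] != "Y" and r["issues"]]


if __name__ == "__main__":
    audited = audit(SAMPLE_REGISTRY_CSV)
    for r in audited:
        flag = "TLS1.3" if r["tls13"] else "      "
        print(f'{r["value"]} {flag} {r["recommended"]} {r["name"]}: {r["issues"] or "ok"}')
    print("D candidates:", discouraged_candidates(audited))
```

Running it on a server's configured suite names instead of the registry export gives the same report for a deployment: anything with an issue list is a finding, and the TLS 1.3 flag separates suites that TLS 1.3 can negotiate from the TLS 1.2-only ones that look similar in the registry.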