Hi,

Since the draft has DHE cipher suites as a MUST NOT, I believe the appropriate value is indeed "Discouraged". (From 8447bis: "N: Indicates that the item has not been evaluated by the IETF and that the IETF has made no statement about the suitability of the associated mechanism." That seems incongruent with MUST NOT.)

We might as well add text to change the RSA cipher suites to "D". It'd be great if one of the chairs could please chime in and let us know if this sounds reasonable?

thanks,
Nimrod

On Wed, 29 Mar 2023 at 08:28, John Mattsson <john.mattsson=40ericsson....@dmarc.ietf.org> wrote:
> Hi,
>
> 5. IANA Considerations
>
> This document requests IANA to mark the cipher suites listed in Appendix C as not recommended in the "TLS Cipher Suites" registry. Note that all cipher suites listed in Appendix A and in Appendix D are already marked as not recommended in the registry.
>
> How do we split the IANA actions for cipher suites between this document, RFC8447, and draft-mattsson-tls-psk-ke-dont-dont-dont?
>
> ”N” seems highly inappropriate for TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA; that is very clearly a “D”.
>
> What about TLS_DHE_RSA_WITH_AES_128_GCM_SHA256. Is that a ”N”? The definition of discourage is clear with RFC8447bis. The definition of deprecated is not as clear.
>
> Cheers,
> John
>
> *From: *TLS <tls-boun...@ietf.org> on behalf of internet-dra...@ietf.org <internet-dra...@ietf.org>
> *Date: *Sunday, 26 March 2023 at 00:54
> *To: *i-d-annou...@ietf.org <i-d-annou...@ietf.org>
> *Cc: *tls@ietf.org <tls@ietf.org>
> *Subject: *[TLS] I-D Action: draft-ietf-tls-deprecate-obsolete-kex-02.txt
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the Transport Layer Security (TLS) WG of the IETF.
>
> Title : Deprecating Obsolete Key Exchange Methods in TLS 1.2
> Authors : Carrick Bartle
>           Nimrod Aviram
> Filename : draft-ietf-tls-deprecate-obsolete-kex-02.txt
> Pages : 20
> Date : 2023-03-25
>
> Abstract:
> This document deprecates the use of RSA key exchange and Diffie Hellman over a finite field in TLS 1.2, and discourages the use of static elliptic curve Diffie Hellman cipher suites.
>
> Note that these prescriptions apply only to TLS 1.2 since TLS 1.0 and 1.1 are deprecated by [RFC8996] and TLS 1.3 either does not use the affected algorithm or does not share the relevant configuration options.
>
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-tls-deprecate-obsolete-kex/
>
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-tls-deprecate-obsolete-kex-02.html
>
> A diff from the previous version is available at:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-tls-deprecate-obsolete-kex-02
>
> Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
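The "N" versus "D" question above turns on which key exchange a suite name encodes. The following is an added example, not text or code from the draft or the thread: it sorts IANA-style TLS 1.2 suite names into the categories the draft's abstract describes (RSA key exchange and finite-field DH deprecated, static ECDH discouraged), so a server's configured list can be audited. The category mapping is this example's reading of the abstract, and the `SAMPLE` list is constructed; the draft's appendices hold the authoritative lists.

```python
# Categories per the draft's abstract (this example's reading, assumed).
DEPRECATED = "deprecated"      # RSA key exchange, finite-field DH(E)
DISCOURAGED = "discouraged"    # static (non-ephemeral) ECDH
UNAFFECTED = "unaffected"      # ECDHE suites are not touched by the draft
NOT_APPLICABLE = "n/a"         # TLS 1.3 suites name no key exchange
OUT_OF_SCOPE = "out-of-scope"  # PSK-only, SRP, anon ECDH: other documents


def kex_token(suite: str) -> str:
    """'DHE_RSA_EXPORT' for TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA; '' if no '_WITH_'."""
    if not suite.startswith("TLS_") or "_WITH_" not in suite:
        return ""
    return suite[len("TLS_"):suite.index("_WITH_")]


def classify(suite: str) -> str:
    kex = kex_token(suite)
    if not kex:
        return NOT_APPLICABLE
    # Order matters: TLS_DHE_RSA_* is finite-field DH signed with RSA, not
    # RSA key exchange, and ECDHE must be tested before the ECDH prefix.
    if kex.startswith("ECDHE"):
        return UNAFFECTED
    if kex == "ECDH_anon":           # anonymous ECDH is ephemeral; not modelled
        return OUT_OF_SCOPE
    if kex.startswith("ECDH"):       # ECDH_RSA, ECDH_ECDSA: static ECDH
        return DISCOURAGED
    if kex.startswith("DH"):         # DHE_*, DH_RSA, DH_DSS, DH_anon, DHE_PSK
        return DEPRECATED
    if kex.startswith("RSA"):        # RSA, RSA_EXPORT, RSA_PSK
        return DEPRECATED
    return OUT_OF_SCOPE


def audit(suites):
    """Group a configured suite list by category so the deprecated and
    discouraged entries can be pulled from the server configuration."""
    report = {}
    for s in suites:
        report.setdefault(classify(s), []).append(s)
    return report


# Constructed sample configuration (not taken from the thread).
SAMPLE = [
    "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_AES_128_GCM_SHA256",
]
```

Running `audit(SAMPLE)` puts both DHE suites, export-grade or AEAD, in the same deprecated bucket as plain RSA, which is the point Nimrod makes about the "D" marking.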