Hi all,

Thank you for taking up this issue. We started the discussion based on work we 
are currently doing in IEC TC57 WG15, in the context of security event logging. 
As we rely on syslog and are using TLS to secure it, there was a request to be 
able to support it with current cipher suites, as also motivated in the authors' 
notes. That said, I would support adoption as well. 

While reading the current version of the draft I came across the following 
formulation in section 4 and section 5: 
"The mandatory to implement cipher suite is REQUIRED to be 
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256."
 
The choice is perfectly fine and also matches the supported ciphersuites in the 
TLS profile in IEC 62351. In the IEC discussion we assumed that the use of 
alternative ciphersuites is also possible. While the use of alternative 
ciphersuites is not ruled out explicitly, would it make sense to add a sentence 
like: 
"Other ciphersuites MAY be supported depending on the security policy of the 
operator. They should be assessed to provide appropriate security for the 
intended use."
 
Background for the formulation is to have an explicit statement regarding 
support of other ciphersuites. Interoperability by the draft is achieved only 
with the mandatory-to-implement ciphersuite. This is clear. But if an operator 
decides to use, for instance, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, it should 
be possible.

Best regards
Steffen

> -----Original Message-----
> From: Uta <uta-boun...@ietf.org> On Behalf Of Salz, Rich
> Sent: Thursday, 21 April 2022 14:59
> To: Leif Johansson <le...@sunet.se>; uta@ietf.org
> Subject: Re: [Uta] secdispatched: draft-ciphersuites-in-sec-syslog-01
> 
> >    Folks - is there any interest working on this in UTA?
> 
> I support adoption.  I'll read and give feedback.  Should be a pretty easy
> doc to finish off.

_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta