Re: [TLS] Should CCM_8 CSs be Recommended?

2017-10-18 Thread Benjamin Kaduk
I agree with "everyone"; it seems like these fall into what "not recommended" is intended to encompass.  I don't have a preference for whether there's an extra annotation about IoT usage. -Ben On 10/09/2017 06:05 PM, Sean Turner wrote: > Anybody else has thoughts on this? > > spt > >> On Oct 3,

Re: [TLS] Should CCM_8 CSs be Recommended?

2017-10-13 Thread Hannes Tschofenig
CCM_8 is used in the IoT space because some SDOs believed that they need to optimize the transmission overhead. Clearly, this is not meant for general purpose use but rather for IoT only. Is it a good idea to truncate the authentication tag? I don't have an opinion about that but that's what the

Re: [TLS] Should CCM_8 CSs be Recommended?

2017-10-09 Thread Eric Rescorla
I think this text is good. I suggest "Not Recommended" with a note, and if the IoT groups want to publish their own document updating that note, that would work. -Ekr On Mon, Oct 9, 2017 at 4:05 PM, Sean Turner wrote: > Anybody else has thoughts on this? > > spt > > > On Oct

Re: [TLS] Should CCM_8 CSs be Recommended?

2017-10-09 Thread Sean Turner
Anybody else has thoughts on this? spt > On Oct 3, 2017, at 18:53, Sean Turner wrote: > > In the IANA registries draft > (https://github.com/tlswg/draft-ietf-tls-iana-registry-updates), we’ve added > a recommended column to the Cipher Suites (CSs) registry (and some others).

Re: [TLS] Should CCM_8 CSs be Recommended?

2017-10-05 Thread Sean Turner
ir TLS > profiles. > > Cheers, > > Andrei > > From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Joseph Salowey > Sent: Wednesday, October 4, 2017 11:42 AM > To: Salz, Rich <rs...@akamai.com> > Cc: <tls@ietf.org> <tls@ietf.org> > Subject: Re: [

Re: [TLS] Should CCM_8 CSs be Recommended?

2017-10-05 Thread Sean Turner
I put this in a PR: https://github.com/tlswg/draft-ietf-tls-iana-registry-updates/pull/46/files spt > On Oct 4, 2017, at 12:37, Salz, Rich wrote: > > Perhaps change the list “to” to “intended for” ? ___ TLS mailing list

Re: [TLS] Should CCM_8 CSs be Recommended?

2017-10-04 Thread Salz, Rich
* If an item is marked as not recommended it does not necessarily mean that it is flawed, rather, it indicates that either the item has not been through the IETF consensus process or the item has limited applicability to specific cases. Perhaps change the list “to” to “intended for” ?

Re: [TLS] Should CCM_8 CSs be Recommended?

2017-10-04 Thread Andrei Popov
, Rich <rs...@akamai.com> Cc: <tls@ietf.org> <tls@ietf.org> Subject: Re: [TLS] Should CCM_8 CSs be Recommended? The current editor's copy of the draft has the following text about the recommended column: The instructions in this document add a recommended column to many of t

Re: [TLS] Should CCM_8 CSs be Recommended?

2017-10-04 Thread Joseph Salowey
The current editor's copy of the draft has the following text about the recommended column: The instructions in this document add a recommended column to many of the TLS registries to indicate parameters that are generally recommended for implementations to support. Adding a recommended parameter

Re: [TLS] Should CCM_8 CSs be Recommended?

2017-10-04 Thread Don Sturek
bject: Re: [TLS] Should CCM_8 CSs be Recommended? > On Oct 4, 2017, at 9:48 AM, Yoav Nir <ynir.i...@gmail.com> wrote: > > >> On 4 Oct 2017, at 16:29, Russ Housley <hous...@vigilsec.com> wrote: >> >> >>> On Oct 4, 2017, at 3:30 AM, Yo

Re: [TLS] Should CCM_8 CSs be Recommended?

2017-10-04 Thread Yoav Nir
> On 4 Oct 2017, at 16:29, Russ Housley wrote: > > >> On Oct 4, 2017, at 3:30 AM, Yoav Nir > > wrote: >> >>(IoT) - This requirement is for interoperability with IoT. Only >>128-bit keys are at the given level. >

Re: [TLS] Should CCM_8 CSs be Recommended?

2017-10-04 Thread Russ Housley
> On Oct 4, 2017, at 3:30 AM, Yoav Nir wrote: > >(IoT) - This requirement is for interoperability with IoT. Only >128-bit keys are at the given level. If the IoT environment is willing to accept lower integrity protection in order to save a few bits on the

Re: [TLS] Should CCM_8 CSs be Recommended?

2017-10-04 Thread Yoav Nir
What we did in IPsec in RFC-tp-be 8221 is the following. This (including the IoT marker) is also going to appear in the IANA registry: +-++-++ | Name| Status | AEAD| Comment|

Re: [TLS] Should CCM_8 CSs be Recommended?

2017-10-03 Thread Eric Rescorla
Generally I tend to agree we should remove these, but as Jim said, there are reasons where I guess they make sense. Could we add a "Special Circumstances" marking? -Ekr On Tue, Oct 3, 2017 at 3:53 PM, Sean Turner wrote: > In the IANA registries draft (https://github.com/tlswg/

Re: [TLS] Should CCM_8 CSs be Recommended?

2017-10-03 Thread Jim Schaad
nk that we need to keep the recommendation on this algorithms. > -Original Message- > From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Sean Turner > Sent: Tuesday, October 3, 2017 3:54 PM > To: <tls@ietf.org> <tls@ietf.org> > Subject: [TLS] Should CCM_8

[TLS] Should CCM_8 CSs be Recommended?

2017-10-03 Thread Sean Turner
In the IANA registries draft (https://github.com/tlswg/draft-ietf-tls-iana-registry-updates), we’ve added a recommended column to the Cipher Suites (CSs) registry (and some others). Right now, the criteria for getting a recommended mark is AEAD ciphers with strong authentication standards