Re: [TLS] approved algorithms was Re: Does TLS support ECDHE based SEED cipher suites?
>Is there any way to link from the TLS pages in the datatracker to the list of algorithms and their status? The WG chairs can add such a link (as an "external URL"). They'll have to do it. (I can walk someone through the clicking if they need it) ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
[TLS] approved algorithms was Re: Does TLS support ECDHE based SEED cipher suites?
On 31/12/2021 16:45, Salz, Rich wrote: * IIRC, this was intentional: make it easy to get a code point so people don't squat on them, but have IANA maintain a list of "recommended" ciphers, as shown in the catalog here: IANA maintains the list, under the direction of the designated experts, but whether or not something is recommended comes from the TLS group, not either of the first two. Which is good, you don’t want recommendations coming from (currently) just three people. Is there any way to link from the TLS pages in the datatracker to the list of algorithms and their status? I realise that I can go to IANA home page, select protocols, remember how TLS is spelt, fish around a bit and stumble across it but it seems like an obvious short cut. Tom Petch ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
Re: [TLS] Does TLS support ECDHE based SEED cipher suites?
* IIRC, this was intentional: make it easy to get a code point so people don't squat on them, but have IANA maintain a list of "recommended" ciphers, as shown in the catalog here: IANA maintains the list, under the direction of the designated experts, but whether or not something is recommended comes from the TLS group, not either of the first two. Which is good, you don’t want recommendations coming from (currently) just three people. ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
Re: [TLS] Does TLS support ECDHE based SEED cipher suites?
On Fri, Dec 31, 2021 at 11:24 AM tom.ripe wrote: > > > I'd oppose any specification of new cipher suites without a good > > justification, and I think this is an opinion many here share. > > And I just see an I-D for AEGIS-128L and AEGIS-256, albeit not for TLS. > There seems to be no limit to new algorithms! > IIRC, this was intentional: make it easy to get a code point so people don't squat on them, but have IANA maintain a list of "recommended" ciphers, as shown in the catalog here: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml Kyle ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
Re: [TLS] Does TLS support ECDHE based SEED cipher suites?
On 30/12/2021 09:22, Hanno Böck wrote: On Thu, 30 Dec 2021 15:56:02 +0800 M K Saravanan wrote: Does anyone know whether any ECDHE based cipher suites were added for SEED for TLS? I don't know what the background for this request is, but I'd like to point out that we had similar discussions in the past about obscure ciphers (look for brainpool curves) in the past. This is my personal opinion, but I think it is widely shared among many in the community: It used to be that the TLS community valued supporting as many ciphers as possible. But this has more or less ended with TLS 1.3, which is part of a larger realization in IT security that unnecessary complexity is usually bad and should be avoided. Instead the trend is to support a small set of algorithms that are generally considered "okay-ish" (there are always minor ups and downs of certain cipher choices) and leave it with that and not seek to support a wide variety of algorithms. I'd oppose any specification of new cipher suites without a good justification, and I think this is an opinion many here share. And I just see an I-D for AEGIS-128L and AEGIS-256, albeit not for TLS. There seems to be no limit to new algorithms! Tom Petch ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls