I'm in favor of this change, as long as it's a binary Y/N. I believe that "Y" 
can only possibly mean that there is rough IETF consensus to adopt. "Y" cannot 
mean that this cipher is "cryptographically sound" or "secure", nor can it mean 
that the "Y" cipher suites are MTI.

The reason I'm in favor is because we can't block the world from implementing 
the cipher suites they want, even if we don't like what they want or don't have 
the bandwidth/motivation to analyze every proposal.

Cheers,

Andrei

-----Original Message-----
From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Stephen Farrell
Sent: Thursday, March 31, 2016 10:52 AM
To: Hannes Tschofenig <hannes.tschofe...@gmx.net>; Salz, Rich 
<rs...@akamai.com>; Kaduk, Ben <bka...@akamai.com>; <tls@ietf.org> 
<tls@ietf.org>
Subject: Re: [TLS] call for consensus: changes to IANA registry rules for 
cipher suites


If smaller devices don't use algorithms that can be used to talk to random 
servers on the Internet, then they are choosing to not try to get interop. That 
seems like a shame to me, unless there's a really good reason and IMO, mostly 
there isn't, at the ciphersuite level. I would hope we all won't make the 
GCM/CCM mistake again for example (that "we" being roughly some combination of 
IETF/IEEE folks).

So I think the proposed change here, if it leads to fewer but more ubiquitously 
deployed ciphersuites, will help smaller devices. And I do think the IETF 
recommended column might lead us some way in that direction.

Cheers,
S.

On 31/03/16 18:40, Hannes Tschofenig wrote:
> I can see some value in having this IANA registry list for 
> ciphersuites in the way being proposed (even if it may be interpreted 
> differently by different audiences). There have been, of course, too 
> many algorithms used only in specific countries and those 
> substantially increased the ciphersuite list.
> 
> I am just a little bit worried that everything developed for the IoT 
> environment is quite likely labeled as not recommended by the IETF in 
> this registry because of the Web focus in this group.
> 
> The JPAKE is the item that we are currently interested in because we 
> have contributed to the standardization work related to Thread and the 
> stack we had implemented. Of course, the remark that JPAKE might not 
> be a good fit for TLS 1.3 may be correct.
> 
> Ciao
> Hannes
> 
> On 03/31/2016 07:25 PM, Salz, Rich wrote:
>>> Interesting idea. You see this IANA registry more as the mandatory 
>>> to implement algorithm list (for Web apps).
>>
>> I don't.  But lots of outsiders do, and I know they exert pressure on 
>> various projects and TLS/AD "leadership".  I've only had a little bit of it 
>> via openssl compared to those folks.
>>
>> --
>> Senior Architect, Akamai Technologies
>> IM: richs...@jabber.at Twitter: RichSalz
>>
>>

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
