| < draft-sandj-tls-iana-registry-updates-00.txt | draft-sandj-tls-iana-registry-updates-01.txt > | |||
|---|---|---|---|---|
| TLS WG J. Salowey | TLS WG J. Salowey | |||
| Internet-Draft Tableau Software | Internet-Draft Tableau Software | |||
| Updates: 3749, 5077, 4680, 5246, 5878, S. Turner | Updates: 3749, 5077, 4680, 5246, 5878, S. Turner | |||
| 6520, 7301 (if approved) sn3rd | 6520, 7301 (if approved) sn3rd | |||
| Intended status: Standards Track September 07, 2016 | Intended status: Standards Track October 20, 2016 | |||
| Expires: March 11, 2017 | Expires: April 23, 2017 | |||
| D/TLS IANA Registry Updates | D/TLS IANA Registry Updates | |||
| draft-sandj-tls-iana-registry-updates-00 | draft-sandj-tls-iana-registry-updates-01 | |||
| Abstract | Abstract | |||
| This document changes the IANA registry policy for a number of D/TLS- | This document changes the IANA registry policy for a number of | |||
| related registries, renames some of the registries for consistency, | registries related to DTLS and TLS, renames some of the registries | |||
| and adds notes to many of the registries. As a result, this document | for consistency, and adds notes to many of the registries. As a | |||
| updates many RFCs (see updates header). | result, this document updates many RFCs (see updates header). | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on March 11, 2017. | This Internet-Draft will expire on April 23, 2017. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2016 IETF Trust and the persons identified as the | Copyright (c) 2016 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
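Review bot: The title line still reads "D/TLS IANA Registry Updates" in -01, although this revision rewrites the abstract to "registries related to DTLS and TLS" and the body now uses "(D)TLS". Use one notation throughout, including the title, so the document name matches the term the Introduction defines.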
| skipping to change at page 2, line 15 ¶ | skipping to change at page 2, line 15 ¶ | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Process Note . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Process Note . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 3. Add "TLS" to Registry Names . . . . . . . . . . . . . . . . . 3 | 3. Add "TLS" to Registry Names . . . . . . . . . . . . . . . . . 3 | |||
| 4. Aligning with RFC 5226 . . . . . . . . . . . . . . . . . . . 4 | 4. Aligning with RFC 5226 . . . . . . . . . . . . . . . . . . . 4 | |||
| 5. TLS ExtensionType Values . . . . . . . . . . . . . . . . . . 4 | 5. TLS ExtensionType Values . . . . . . . . . . . . . . . . . . 4 | |||
| 6. TLS Cipher Suite Registry . . . . . . . . . . . . . . . . . . 4 | 6. TLS Cipher Suite Registry . . . . . . . . . . . . . . . . . . 4 | |||
| 7. TLS ClientCertificateType Identifiers . . . . . . . . . . . . 5 | 7. TLS ClientCertificateType Identifiers . . . . . . . . . . . . 6 | |||
| 8. New Session Ticket TLS Handshake Message Type . . . . . . . . 5 | 8. New Session Ticket TLS Handshake Message Type . . . . . . . . 7 | |||
| 9. Session Ticket TLS Extension . . . . . . . . . . . . . . . . 5 | 9. Session Ticket TLS Extension . . . . . . . . . . . . . . . . 7 | |||
| 10. TLS Exporter Label Registry . . . . . . . . . . . . . . . . . 6 | 10. TLS Exporter Label Registry . . . . . . . . . . . . . . . . . 7 | |||
| 11. Add Missing Item to TLS Alert Registry . . . . . . . . . . . 6 | 11. Add Missing Item to TLS Alert Registry . . . . . . . . . . . 7 | |||
| 12. Orphaned Extensions . . . . . . . . . . . . . . . . . . . . . 6 | 12. Orphaned Extensions . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 13. Orphaned Registries . . . . . . . . . . . . . . . . . . . . . 6 | 13. Orphaned Registries . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 14. Security Considerations . . . . . . . . . . . . . . . . . . . 7 | 14. Security Considerations . . . . . . . . . . . . . . . . . . . 8 | |||
| 15. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 | 15. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 16. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 | 16. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 16.1. Normative References . . . . . . . . . . . . . . . . . . 7 | 16.1. Normative References . . . . . . . . . . . . . . . . . . 8 | |||
| 16.2. Informative References . . . . . . . . . . . . . . . . . 8 | 16.2. Informative References . . . . . . . . . . . . . . . . . 9 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 | |||
| 1. Process Note | 1. Process Note | |||
| As the authors of this draft are also the WG chairs, the responsible | As the authors of this draft are also the WG chairs, the responsible | |||
| Area Director has agreed to judge consensus. | Area Director has agreed to judge consensus. | |||
| RFC EDITOR: Please delete section prior to publication. | RFC EDITOR: Please delete section prior to publication. | |||
| 2. Introduction | 2. Introduction | |||
| This document requests that IANA make changes to a number of TLS- | This document requests that IANA make changes to a number of DTLS- | |||
| related IANA registries: | and TLS-related IANA registries. | |||
| In this document, we use the term "(D)TLS" to refer to registries | ||||
| that apply to both TLS and DTLS. | ||||
| o Add "TLS" to registries' names for consistency with other TLS- | o Add "TLS" to registries' names for consistency with other TLS- | |||
| related registries. | related registries. | |||
| o Change the IANA registry policy [RFC5226] for the TLS | o Change the IANA registry policy [RFC5226] for the TLS | |||
| ExtensionType Values, TLS Cipher Suite, and TLS | ExtensionType Values, TLS Cipher Suite, and TLS | |||
| ClientCertificateType Identifiers registries. These more relaxes | ClientCertificateType Identifiers registries. These more relaxes | |||
| rules are more condusive to TBD. | rules are more condusive to TBD. | |||
| o Add the designated expert intructions as a note to the TLS | o Add the designated expert intructions as a note to the TLS | |||
| ExtensionType Values, TLS Cipher Suite, and TLS | ExtensionType Values, TLS Cipher Suite, and TLS | |||
| ClientCertificateType Identifiers registries to inform IANA- | ClientCertificateType Identifiers registries to inform IANA- | |||
| registry-focused, non-RFC-reading what's expected from the | registry-focused, non-RFC-reading what's expected from the | |||
| registry. | registry. | |||
| o Add notes to indicate whether an extension, certain values of an | o Add notes to indicate whether an extension, certain values of an | |||
| extension, or an entire registry is only applicable pre-D/TLS 1.3. | extension, or an entire registry is only applicable pre-(D)TLS | |||
| 1.3. | ||||
| o Rename the NewSessionTicket TLS HandshakeType message registry | o Rename the NewSessionTicket TLS HandshakeType message registry | |||
| entry [RFC5077] to new_session_ticket to match the naming | entry [RFC5077] to new_session_ticket to match the naming | |||
| nomenclature for the other Handshake type names and to match with | nomenclature for the other Handshake type names and to match with | |||
| existing implementations. | existing implementations. | |||
| o Rename the SessionTicket TLS to session_ticket to match the | o Rename the SessionTicket TLS to session_ticket to match the | |||
| nomenclature for the other extensions' names. | nomenclature for the other extensions' names. | |||
| o Add missing entry to the TLS Alert Registry for the | o Add missing entry to the TLS Alert Registry for the | |||
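Review bot: In the -01 Introduction the opening sentence now ends in a period and is followed by the new "(D)TLS" definition, so the bullet list that begins with "o Add "TLS" to registries' names" no longer has a sentence introducing it. Move the definition after the list, or restore a lead-in such as "This document makes the following changes:". The policy bullet also carries the placeholder "These more relaxes rules are more condusive to TBD" over unchanged from -00, and the next bullet still has "intructions" and the incomplete phrase "non-RFC-reading what's expected". The reason for relaxing the registry policy needs to be written out before this section can be reviewed.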
| skipping to change at page 5, line 5 ¶ | skipping to change at page 5, line 9 ¶ | |||
| 6. TLS Cipher Suite Registry | 6. TLS Cipher Suite Registry | |||
| IANA is to update the TLS Cipher Suite registry as follows: | IANA is to update the TLS Cipher Suite registry as follows: | |||
| o Change the registry policy to: | o Change the registry policy to: | |||
| Values with the first byte in the range 0-254 (decimal) are | Values with the first byte in the range 0-254 (decimal) are | |||
| assigned via Specification Required [RFC5226]. Values with the | assigned via Specification Required [RFC5226]. Values with the | |||
| first byte 255 (decimal) are reserved for Private Use [RFC2434]. | first byte 255 (decimal) are reserved for Private Use [RFC2434]. | |||
| o Add a "Recommended" column to the cipher suite registry. All | o Add a "Recommended" column to the cipher suite registry. The | |||
| ciphers listed in [I-D.ietf-tls-tls13] Appendix A.4 are marked as | cipher suites that follow in the two tables are marked as "Yes". | |||
| "Yes". All other cipher suites are marked as "No". | All other cipher suites are marked as "No". | |||
| NOTE: The cipher suites that follow are standards track server- | ||||
| authenticated (and optionally client-authenticated) cipher suites | ||||
| which are currently available in TLS 1.2. The notable exception are | ||||
| the ECDHE AES GCM cipher suites which are not yet standards track | ||||
| prior to the publication of this specification, but this document | ||||
| promotes those 4 cipher suites to standards track (see TO-DO insert | ||||
| reference). | ||||
| Cipher Suite Name | Value | ||||
| ----------------------------------------------+------------ | ||||
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | {0x00,0x9E} | ||||
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | {0x00,0x9F} | ||||
| TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | {0xC0,0x2B} | ||||
| TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | {0xC0,0x2C} | ||||
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | {0xC0,0x2F} | ||||
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | {0xC0,0x30} | ||||
| TLS_DHE_RSA_WITH_AES_128_CCM | {0xC0,0x9E} | ||||
| TLS_DHE_RSA_WITH_AES_256_CCM | {0xC0,0x9F} | ||||
| TLS_DHE_RSA_WITH_AES_128_CCM_8 | {0xC0,0xA2} | ||||
| TLS_DHE_RSA_WITH_AES_256_CCM_8 | {0xC0,0xA3} | ||||
| TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | {0xCC,0xA8} | ||||
| TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 | {0xCC,0xA9} | ||||
| TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | {0xCC,0xAA} | ||||
| NOTE: The cipher suites that follow are standards track ephemeral | ||||
| pre-shared key cipher suites which are available in TLS 1.2. | ||||
| [RFC6655] is inconsistent with respect to the ordering of components | ||||
| within PSK AES CCM cipher suite names; those names are used here | ||||
| without modification. | ||||
| Cipher Suite Name | Value | ||||
| ----------------------------------------------+------------ | ||||
| TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 | {0x00,0xAA} | ||||
| TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 | {0x00,0xAB} | ||||
| TLS_DHE_PSK_WITH_AES_128_CCM | {0xC0,0xA6} | ||||
| TLS_DHE_PSK_WITH_AES_256_CCM | {0xC0,0xA7} | ||||
| TLS_PSK_DHE_WITH_AES_128_CCM_8 | {0xC0,0xAA} | ||||
| TLS_PSK_DHE_WITH_AES_256_CCM_8 | {0xC0,0xAB} | ||||
| TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 | {TBD} | ||||
| TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 | {TBD} | ||||
| TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 | {TBD} | ||||
| TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 | {TBD} | ||||
| TLS_ECDHE_PSK_WITH_AES_256_CCM_SHA384 | {TBD} | ||||
| TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 | {0xCC,0xAC} | ||||
| TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 | {0xCC,0xAD} | ||||
| o Add the following: | o Add the following: | |||
| Note: | Notes: | |||
| Although TLS 1.3 uses the same cipher suite space as previous | ||||
| versions of TLS, TLS 1.3 cipher suites are defined differently, | ||||
| only specifying the symmetric ciphers, and cannot it be used for | ||||
| TLS 1.2. Similarly, TLS 1.2 and lower cipher suites cannot be | ||||
| used with TLS 1.3. | ||||
| Cipher suites marked as "Yes" are those allocated via Standards | Cipher suites marked as "Yes" are those allocated via Standards | |||
| Track RFCs. Cipher suites marked as "No" are not; cipher suites | Track RFCs. Cipher suites marked as "No" are not; cipher suites | |||
| marked "No" range from "good" to "bad" from a cryptographic | marked "No" range from "good" to "bad" from a cryptographic | |||
| standpoint. | standpoint. | |||
| The designated expert [RFC5226] only ensures that the | The designated expert [RFC5226] only ensures that the | |||
| specification is publically available. | specification is publically available. | |||
| 7. TLS ClientCertificateType Identifiers | 7. TLS ClientCertificateType Identifiers | |||
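Review bot: The registry note defines "Yes" as "those allocated via Standards Track RFCs", but the new tables mark as "Yes" five ECDHE_PSK suites whose value is still "{TBD}", and the first NOTE says the ECDHE AES GCM suites "are not yet standards track" with the reference left as "(see TO-DO insert reference)". Either fill in the code points and the promoting reference, or reword the note so that "Yes" does not assert an allocation that has not happened; implementers will read this column as guidance on which suites to enable. In the added TLS 1.3 note, "and cannot it be used for TLS 1.2" has a stray "it". Two points remain in the unchanged lines: the Private Use range cites [RFC2434] while every other policy reference is [RFC5226], and "publically" should be "publicly".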
| skipping to change at page 6, line 22 ¶ | skipping to change at page 7, line 40 ¶ | |||
| 11. Add Missing Item to TLS Alert Registry | 11. Add Missing Item to TLS Alert Registry | |||
| IANA is to add the following entry to the TLS Alert Registry (the | IANA is to add the following entry to the TLS Alert Registry (the | |||
| entry was omitted from the IANA instructions in [RFC7301]): | entry was omitted from the IANA instructions in [RFC7301]): | |||
| 120 no_application_protocol Y [RFC7301] | 120 no_application_protocol Y [RFC7301] | |||
| 12. Orphaned Extensions | 12. Orphaned Extensions | |||
| To make it clear that D/TLS 1.3 has orphaned certain extensions | To make it clear that (D)TLS 1.3 has orphaned certain extensions | |||
| (i.e., they are only applicable to version of D/TLS prior to 1.3), | (i.e., they are only applicable to version of (D)TLS prior to 1.3), | |||
| IANA is to add the following to the TLS ExtensionType Values | IANA is to add the following to the TLS ExtensionType Values | |||
| registry: | registry: | |||
| Note: | Note: | |||
| The following extensions are only applicable to D/TLS protocol vesions prior to 1.3: truncated_hmac, srp, encrypt_then_mac, extended_master_secret, session_ticket, and renegotiation_info are not applicable to TLS 1.3. | The following extensions are only applicable to (D)TLS protocol vesions prior to 1.3: truncated_hmac, srp, encrypt_then_mac, extended_master_secret, session_ticket, and renegotiation_info are not applicable to TLS 1.3. | |||
| 13. Orphaned Registries | 13. Orphaned Registries | |||
| To make it clear that D/TLS 1.3 has orphaned certain registries | To make it clear that (D)TLS 1.3 has orphaned certain registries | |||
| (i.e., they are only applicable to version of D/TLS protocol versions | (i.e., they are only applicable to version of (D)TLS protocol | |||
| prior to 1.3), IANA is to: | versions prior to 1.3), IANA is to: | |||
| o Add the following to the TLS Compression Method Identifiers | o Add the following to the TLS Compression Method Identifiers | |||
| registry [RFC3749]: | registry [RFC3749]: | |||
| Note: | Note: | |||
| Value 0 (NULL) is the only value in this registry applicable to D/ | Value 0 (NULL) is the only value in this registry applicable to | |||
| TLS protocol versions prior to 1.3. | (D)TLS protocol version 1.3 or later. | |||
| o Add the following to the TLS Hash Algorithm [RFC5246] and TLS | o Add the following to the TLS Hash Algorithm [RFC5246] and TLS | |||
| SignatureAlgorithm registries [RFC5246]: | SignatureAlgorithm registries [RFC5246]: | |||
| Note: | Note: | |||
| The values in this registry are only applicable to D/TLS protocol | The values in this registry are only applicable to (D)TLS protocol | |||
| versions prior to 1.3. | versions prior to 1.3. | |||
| o Update the "References" in the TLS Compression Method Identifiers, | o Update the "References" in the TLS Compression Method Identifiers, | |||
| TLS Hash Algorithm [RFC5246] and TLS SignatureAlgorithm registries | TLS Hash Algorithm [RFC5246] and TLS SignatureAlgorithm registries | |||
| to also refer to this document. | to also refer to this document. | |||
| 14. Security Considerations | 14. Security Considerations | |||
| TBSL | TBSL | |||
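Review bot: The ExtensionType note in Section 12 is text IANA will copy into the registry, and it still has two predicates: "The following extensions are only applicable to (D)TLS protocol vesions prior to 1.3: ... are not applicable to TLS 1.3." Drop the trailing clause, fix "vesions", and use "(D)TLS" consistently instead of ending on "TLS 1.3". The compression note changed from "prior to 1.3" to "1.3 or later", which inverts its meaning; a line in the change log confirming that this is an intentional correction would help. In Section 13 that note now sits under an introduction saying the registries are "only applicable" prior to 1.3, so one sentence explaining that value 0 survives into 1.3 would remove the apparent contradiction. Section 14 is still "TBSL". Since this document relaxes the registration policy for cipher suites and extensions, the Security Considerations should state what a registry entry does and does not imply about cryptographic review.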
| End of changes. 14 change blocks. | ||||
| 37 lines changed or deleted | 93 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||