tlswg / rfc4492bis Goto Github PK

While discussing draft-whyte-qsh-tls12 at the ’15 Fall Interim, it was noted that the Extension Type registry and the two-related EC registries require are IETF Consensus (now called IETF Review) before an assignment can be made (modulo the early assignment process); IETF Review requires an RFC that has progressed through the IESG as AD-Sponsored or IETF WG Documents. This path is not always an easy one to navigate and it’s an especially onerous path if you’re just looking to do some experimentation and some would argue this has led to some implementers quietly squatting in the registry space. So would it make sense to change these registries to be more in-line with some of other registries that allow for easier registrations for experimental use, e.g.,

TLS HashAlgorithm Registry:
0-63: Standards Action. 64-223: Specification Required. 224-255: Reserved for Private Use

RFC 5226 changed "IETF Consensus" to "IETF Review" so how about:
OLD:

   Any additional assignments require IETF Consensus action.

NEW:

   Any additional assigned required IETF Review.

   NOTE: IANA please update the registries to reflect the new policy name.
   NOTE: RFC editor please delete these two notes prior to publication.

We should also request that IANA registry refer to this document instead of RFC 4492 so how about we add the following to the end of the section:

 IANA please update these two registries to refer to this document.

The table should probably be truncated to hold only the last three entries.
Cf Section 5.1.1: NamedCurve.

I guess the ecdh_x* curves could be added.

Need to fix the editorial nit noted in:
https://mailarchive.ietf.org/arch/msg/tls/j6PXHVQiOxAulJZMuYxmMMA2pJA

In TLS 1.2 the restrictions on what certificates are allowed in a certificate chain were relaxed so the following text from sections 2.1 and 2.2 in the draft should be clarified with respect to TLS 1.2:

• 2.1:
  In ECDHE_ECDSA, the server's certificate MUST contain an ECDSA-
  capable public key and be signed with ECDSA.
• 2.2:
  The server certificate MUST be signed with RSA.

(@ekr suggested I file this here.)

In TLS 1.3, we dropped the "ecdh_" prefix on ecdh_x25519 and ecdh_x448 when we split signatures from NamedCurve/Group. The documents should probably match in naming one way or another. I think plain x25519 and x448 is tidier. X25519 already denotes the ECDH function, as opposed to curve25519 which is the curve.

This extension has been renamed "Supported Groups" in the drafts of TLS 1.3 and FFDHE.

Having different names for the same extension in different concurrent RFCs should be avoided.

Section 5.1.1 and other places should be updated accordingly.

My view: just because DH_anon is confused, doesn't mean we can't fix it for ECDH(E).