idnits 2.17.00 (12 Aug 2021)

/tmp/idnits30514/draft-sandj-tls-iana-registry-updates-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 2 instances of too long lines in the document, the longest one
     being 175 characters in excess of 72.

  -- The draft header indicates that this document updates RFC5077, but the
     abstract doesn't seem to mention this, which it should.

  -- The draft header indicates that this document updates RFC3749, but the
     abstract doesn't seem to mention this, which it should.

  -- The draft header indicates that this document updates RFC5878, but the
     abstract doesn't seem to mention this, which it should.

  -- The draft header indicates that this document updates RFC4680, but the
     abstract doesn't seem to mention this, which it should.

  -- The draft header indicates that this document updates RFC5246, but the
     abstract doesn't seem to mention this, which it should.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

     (Using the creation date from RFC3749, updated by this document, for
     RFC5378 checks: 2002-09-05)

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (September 07, 2016) is 2081 days in the past.  Is
     this intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Unused Reference: 'RFC4680' is defined on line 314, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC5705' is defined on line 333, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC5878' is defined on line 337, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC6520' is defined on line 341, but no explicit
     reference was found in the text

  == Outdated reference: draft-ietf-tls-tls13 has been published as RFC 8446

  ** Obsolete normative reference: RFC 5077 (Obsoleted by RFC 8446)

  ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126)

  ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446)

  ** Downref: Normative reference to an Experimental RFC: RFC 5878

  == Outdated reference: draft-ietf-tls-rfc4492bis has been published as
     RFC 8422

  -- Obsolete informational reference (is this intentional?): RFC 2434
     (Obsoleted by RFC 5226)

  -- Obsolete informational reference (is this intentional?): RFC 6961
     (Obsoleted by RFC 8446)

     Summary: 5 errors (**), 0 flaws (~~), 7 warnings (==), 9 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

TLS WG                                                       J. Salowey
Internet-Draft                                         Tableau Software
Updates: 3749, 5077, 4680, 5246, 5878,                        S. Turner
         6520, 7301 (if approved)                                 sn3rd
Intended status: Standards Track                     September 07, 2016
Expires: March 11, 2017

                      D/TLS IANA Registry Updates
               draft-sandj-tls-iana-registry-updates-00

Abstract

   This document changes the IANA registry policy for a number of D/TLS-
   related registries, renames some of the registries for consistency,
   and adds notes to many of the registries.  As a result, this document
   updates RFCs 3749, 4680, 5077, 5246, 5878, 6520, and 7301 (see the
   Updates header).

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 11, 2017.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Process Note
   2.  Introduction
   3.  Add "TLS" to Registry Names
   4.  Aligning with RFC 5226
   5.  TLS ExtensionType Values
   6.  TLS Cipher Suite Registry
   7.  TLS ClientCertificateType Identifiers
   8.  New Session Ticket TLS Handshake Message Type
   9.  Session Ticket TLS Extension
   10. TLS Exporter Label Registry
   11. Add Missing Item to TLS Alert Registry
   12. Orphaned Extensions
   13. Orphaned Registries
   14. Security Considerations
   15. IANA Considerations
   16. References
     16.1.  Normative References
     16.2.  Informative References
   Authors' Addresses

1.  Process Note

   As the authors of this draft are also the WG chairs, the responsible
   Area Director has agreed to judge consensus.

   RFC EDITOR: Please delete this section prior to publication.

2.  Introduction

   This document requests that IANA make changes to a number of TLS-
   related IANA registries:

   o  Add "TLS" to registries' names for consistency with other TLS-
      related registries.

   o  Change the IANA registry policy [RFC5226] for the TLS
      ExtensionType Values, TLS Cipher Suite, and TLS
      ClientCertificateType Identifiers registries.  These more relaxed
      rules are more conducive to TBD.
   o  Add the designated expert instructions as a note to the TLS
      ExtensionType Values, TLS Cipher Suite, and TLS
      ClientCertificateType Identifiers registries, to inform IANA-
      registry-focused, non-RFC-reading users of what is expected from
      the registry.

   o  Add notes to indicate whether an extension, certain values of an
      extension, or an entire registry is only applicable pre-D/TLS 1.3.

   o  Rename the NewSessionTicket TLS HandshakeType message registry
      entry [RFC5077] to new_session_ticket to match the naming
      nomenclature for the other Handshake type names and to match
      existing implementations.

   o  Rename the SessionTicket TLS extension to session_ticket to match
      the nomenclature for the other extensions' names.

   o  Add the missing entry to the TLS Alert Registry for the
      no_application_protocol alert defined in [RFC7301].

   This document proposes no changes to the TLS Alert
   [I-D.ietf-tls-tls13], TLS ContentType [I-D.ietf-tls-tls13], TLS
   HandshakeType [I-D.ietf-tls-tls13], and TLS Certificate Status Types
   [RFC6961] registries; Standards Action, for the first three, and IETF
   Review, for the last, are appropriate for these one-byte code points
   because of their scarcity.

   This document proposes no changes to the EC Curve Type, EC Point
   Format, and Supported Groups registries (see
   [I-D.ietf-tls-rfc4492bis]).

   The lengthy Updates header is a result of requests for IANA to refer
   to this draft in addition to the original RFC that defined a
   particular registry.

3.  Add "TLS" to Registry Names

   IANA is to update the names of the following registries to add "TLS"
   for consistency with the other TLS-related registries:

   o  Application-Layer Protocol Negotiation (ALPN) Protocol IDs,

   o  ExtensionType Values,

   o  Heartbeat Message Types,

   o  Heartbeat Modes, and

   o  Supported Groups.
   IANA is also to add a reference to this document for the registries
   whose names have been updated as a result of the above change.

   NOTE: Henceforth in this document the registries will be referred to
   using the "TLS" prefix.

4.  Aligning with RFC 5226

   Many of the TLS-related IANA registries were defined prior to
   [RFC5226], where "IETF Consensus" was used instead of the
   RFC5226-defined "IETF Review".  To align with the new terminology,
   IANA is to update to use "IETF Review" in place of "IETF Consensus"
   in the following registries:

   o  TLS Authorization Data Formats

   o  TLS Supplemental Data Formats (SupplementalDataType)

   NOTE: This is not a universal change, as some registries originally
   defined with "IETF Consensus" are undergoing other changes either as
   a result of this document or of [I-D.ietf-tls-rfc4492bis].

5.  TLS ExtensionType Values

   IANA is to update the TLS ExtensionType Values registry as follows:

   o  Change the registry policy to:

      Values with the first byte in the range 0-254 (decimal) are
      assigned via Specification Required [RFC5226].  Values with the
      first byte 255 (decimal) are reserved for Private Use [RFC5226].

   o  Update the "References" to also refer to this document.

   o  Add the following note:

      Note: Experts are to verify that there is in fact a publicly
      available specification.

6.  TLS Cipher Suite Registry

   IANA is to update the TLS Cipher Suite registry as follows:

   o  Change the registry policy to:

      Values with the first byte in the range 0-254 (decimal) are
      assigned via Specification Required [RFC5226].  Values with the
      first byte 255 (decimal) are reserved for Private Use [RFC2434].

   o  Add a "Recommended" column to the cipher suite registry.  All
      cipher suites listed in [I-D.ietf-tls-tls13] Appendix A.4 are
      marked as "Yes".  All other cipher suites are marked as "No".
   o  Add the following:

      Note:

      Cipher suites marked as "Yes" are those allocated via Standards
      Track RFCs.  Cipher suites marked as "No" were not allocated via
      Standards Track RFCs; they range from "good" to "bad" from a
      cryptographic standpoint.

      The designated expert [RFC5226] only ensures that the
      specification is publicly available.

7.  TLS ClientCertificateType Identifiers

   IANA is to update the TLS ClientCertificateType Identifiers registry
   as follows:

   o  Change the registry policy to:

      Values in the range 0-223 are assigned via Specification Required
      [RFC5226].  Values 224-255 are reserved for Private Use.

   o  Add the following:

      Note:

      The designated expert [RFC5226] only ensures that the
      specification is publicly available.

8.  New Session Ticket TLS Handshake Message Type

   To align with TLS implementations and to align the naming
   nomenclature with the other Handshake message types, IANA is to
   rename entry 4 in the TLS HandshakeType registry to
   "new_session_ticket (renamed from NewSessionTicket)".  IANA is also
   to add a reference to this document in the Reference column for
   entry 4 in the TLS HandshakeType registry.

9.  Session Ticket TLS Extension

   The nomenclature for the registry entries in the TLS ExtensionType
   Values registry corresponds to the presentation language field name
   except for entry 35.  To ensure that the values in the registry are
   consistently identified, IANA is to rename entry 35 to
   "session_ticket (renamed from "SessionTicket TLS")".

10.  TLS Exporter Label Registry

   IANA is to add the following note to the TLS Exporter Label Registry:

      Note:

      [RFC5705] defines keying material exporters for TLS in terms of
      the TLS PRF.  [I-D.ietf-tls-tls13] replaced the PRF with HKDF,
      thus requiring a new construction.  The exporter interface
      (label, optional context, and output length) remains the same;
      however, the value is computed differently.
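   The note above says the exporter interface is unchanged while the
   computation is not.  The following is an added example (it is not
   part of this draft) that puts the two constructions side by side:
   the [RFC5705] exporter built on the TLS 1.2 PRF of [RFC5246], and
   the TLS 1.3 exporter as it was finally specified in RFC 8446
   Section 7.5 (the HKDF-Expand-Label and Derive-Secret definitions of
   RFC 8446 Section 7.1, with the "tls13 " label prefix), rather than
   the draft-14 text this document cites.  SHA-256 is assumed as the
   hash in both cases, and every secret and random value below is a
   constructed constant, not material from a real handshake.

```python
"""RFC 5705 (TLS 1.2 PRF) exporter next to the RFC 8446 (HKDF) exporter.

Added example for Section 10 of this draft; not code from the draft.
Hash is assumed to be SHA-256 for both versions.  Secrets and randoms
are constructed constants so that the module runs offline.
"""
import hashlib
import hmac
import struct
from typing import Dict, Optional

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hmac_hash(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256, the primitive both the TLS 1.2 PRF and HKDF are built on."""
    return hmac.new(key, msg, HASH).digest()


# ---- TLS 1.2: P_hash and PRF from RFC 5246 Section 5 --------------------
def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256(secret, seed) = HMAC(secret, A(1) || seed) || HMAC(secret, A(2) || seed) ...
    where A(0) = seed and A(i) = HMAC(secret, A(i-1))."""
    out = b""
    a = seed                       # A(0)
    while len(out) < length:
        a = hmac_hash(secret, a)   # A(i)
        out += hmac_hash(secret, a + seed)
    return out[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF(secret, label, seed) = P_<hash>(secret, label || seed)."""
    return p_hash(secret, label + seed, length)


def tls12_exporter(master_secret: bytes, client_random: bytes, server_random: bytes,
                   label: bytes, context: Optional[bytes], length: int) -> bytes:
    """RFC 5705 Section 4: PRF(master_secret, label,
    client_random || server_random [|| uint16 len(context) || context])[0:length]."""
    seed = client_random + server_random
    if context is not None:
        # RFC 5705 distinguishes "no context" from "empty context": an empty
        # context is still encoded with its two-byte length prefix.
        seed += struct.pack("!H", len(context)) + context
    return tls12_prf(master_secret, label, seed, length)


# ---- TLS 1.3: HKDF-Expand-Label / Derive-Secret from RFC 8446 Section 7.1 ----
def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand from RFC 5869: T(i) = HMAC(PRK, T(i-1) || info || i), T(0) = ""."""
    out = b""
    t = b""
    i = 1
    while len(out) < length:
        t = hmac_hash(prk, t + info + bytes([i]))
        out += t
        i += 1
    return out[:length]


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """HkdfLabel = uint16 length || opaque label<7..255> ("tls13 " + label)
    || opaque context<0..255>.  The output length is bound into the info."""
    full_label = b"tls13 " + label
    hkdf_label = (struct.pack("!H", length) + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return hkdf_expand(secret, hkdf_label, length)


def derive_secret(secret: bytes, label: bytes, messages: bytes) -> bytes:
    """Derive-Secret(Secret, Label, Messages) =
    HKDF-Expand-Label(Secret, Label, Transcript-Hash(Messages), Hash.length)."""
    return hkdf_expand_label(secret, label, HASH(messages).digest(), HASH_LEN)


def tls13_exporter(exporter_master_secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """RFC 8446 Section 7.5: TLS-Exporter(label, context_value, key_length) =
    HKDF-Expand-Label(Derive-Secret(Secret, label, ""), "exporter",
                      Hash(context_value), key_length)."""
    label_secret = derive_secret(exporter_master_secret, label, b"")
    return hkdf_expand_label(label_secret, b"exporter", HASH(context).digest(), length)


# Constructed, fixed sample values (assumptions for the demo, not real handshake data).
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = b"\x11" * 32
SERVER_RANDOM = b"\x22" * 32
EXPORTER_MASTER_SECRET = HASH(b"constructed exporter_master_secret").digest()
LABEL = b"EXPORTER-example"          # hypothetical label, not a registered one
CONTEXT = b"constructed context"


def demo(length: int = 32) -> Dict[str, bytes]:
    """Same (label, context, length) interface; two different constructions."""
    return {
        "tls12": tls12_exporter(MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM, LABEL, CONTEXT, length),
        "tls13": tls13_exporter(EXPORTER_MASTER_SECRET, LABEL, CONTEXT, length),
    }


if __name__ == "__main__":
    for version, value in demo().items():
        print(version, value.hex())
```

   Two details worth checking in an implementation: in the TLS 1.2
   construction a missing context and an empty context produce
   different output, because the empty context is still length-
   prefixed; and in TLS 1.3 the requested length is part of HkdfLabel,
   so asking for 16 bytes does not return a prefix of the 32-byte
   result.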
11.  Add Missing Item to TLS Alert Registry

   IANA is to add the following entry to the TLS Alert Registry (the
   entry was omitted from the IANA instructions in [RFC7301]):

      120   no_application_protocol   Y   [RFC7301]

12.  Orphaned Extensions

   To make it clear that D/TLS 1.3 has orphaned certain extensions
   (i.e., they are only applicable to versions of D/TLS prior to 1.3),
   IANA is to add the following to the TLS ExtensionType Values
   registry:

      Note:

      The following extensions are only applicable to D/TLS protocol
      versions prior to 1.3: truncated_hmac, srp, encrypt_then_mac,
      extended_master_secret, session_ticket, and renegotiation_info.

13.  Orphaned Registries

   To make it clear that D/TLS 1.3 has orphaned certain registries
   (i.e., they are only applicable to D/TLS protocol versions prior to
   1.3), IANA is to:

   o  Add the following to the TLS Compression Method Identifiers
      registry [RFC3749]:

      Note:

      Value 0 (NULL) is the only value in this registry applicable to
      D/TLS protocol versions 1.3 or later; all other values are only
      applicable to D/TLS protocol versions prior to 1.3.

   o  Add the following to the TLS Hash Algorithm [RFC5246] and TLS
      SignatureAlgorithm [RFC5246] registries:

      Note:

      The values in this registry are only applicable to D/TLS protocol
      versions prior to 1.3.

   o  Update the "References" in the TLS Compression Method Identifiers,
      TLS Hash Algorithm [RFC5246], and TLS SignatureAlgorithm [RFC5246]
      registries to also refer to this document.

14.  Security Considerations

   TBSL

15.  IANA Considerations

   This document is entirely about changes to TLS-related IANA
   registries.

16.  References

16.1.  Normative References

   [I-D.ietf-tls-tls13]
              Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", draft-ietf-tls-tls13-14 (work in progress),
              July 2016.
   [RFC3749]  Hollenbeck, S., "Transport Layer Security Protocol
              Compression Methods", RFC 3749, DOI 10.17487/RFC3749,
              May 2004.

   [RFC4680]  Santesson, S., "TLS Handshake Message for Supplemental
              Data", RFC 4680, DOI 10.17487/RFC4680, October 2006.

   [RFC5077]  Salowey, J., Zhou, H., Eronen, P., and H. Tschofenig,
              "Transport Layer Security (TLS) Session Resumption without
              Server-Side State", RFC 5077, DOI 10.17487/RFC5077,
              January 2008.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              DOI 10.17487/RFC5226, May 2008.

   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.2", RFC 5246,
              DOI 10.17487/RFC5246, August 2008.

   [RFC5705]  Rescorla, E., "Keying Material Exporters for Transport
              Layer Security (TLS)", RFC 5705, DOI 10.17487/RFC5705,
              March 2010.

   [RFC5878]  Brown, M. and R. Housley, "Transport Layer Security (TLS)
              Authorization Extensions", RFC 5878, DOI 10.17487/RFC5878,
              May 2010.

   [RFC6520]  Seggelmann, R., Tuexen, M., and M. Williams, "Transport
              Layer Security (TLS) and Datagram Transport Layer Security
              (DTLS) Heartbeat Extension", RFC 6520,
              DOI 10.17487/RFC6520, February 2012.

   [RFC7301]  Friedl, S., Popov, A., Langley, A., and E. Stephan,
              "Transport Layer Security (TLS) Application-Layer Protocol
              Negotiation Extension", RFC 7301, DOI 10.17487/RFC7301,
              July 2014.

16.2.  Informative References

   [I-D.ietf-tls-rfc4492bis]
              Nir, Y., Josefsson, S., and M. Pegourie-Gonnard, "Elliptic
              Curve Cryptography (ECC) Cipher Suites for Transport Layer
              Security (TLS) Versions 1.2 and Earlier", draft-ietf-tls-
              rfc4492bis-08 (work in progress), July 2016.

   [RFC2434]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", RFC 2434,
              DOI 10.17487/RFC2434, October 1998.

   [RFC6961]  Pettersen, Y., "The Transport Layer Security (TLS)
              Multiple Certificate Status Request Extension", RFC 6961,
              DOI 10.17487/RFC6961, June 2013.

Authors' Addresses

   Joe Salowey
   Tableau Software

   Email: joe@salowey.net

   Sean Turner
   sn3rd

   Email: sean@sn3rd.com
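   Added example for Sections 5 and 12 above (it is not part of this
   draft): a parser for the ClientHello extensions vector that reports,
   for each extension, the registry policy bucket under the Section 5
   rule (first byte 0-254: Specification Required; first byte 255:
   Private Use) and whether Section 12 marks it as only applicable
   before D/TLS 1.3.  The code points are taken from the TLS
   ExtensionType Values registry: 4 truncated_hmac, 12 srp,
   22 encrypt_then_mac, 23 extended_master_secret, 35 session_ticket,
   and 65281 (0xFF01) renegotiation_info, the last registered by
   RFC 5746.  Note the caveat this exposes: 0xFF01 sits in what the new
   policy calls the Private Use range, yet it is a registered value, so
   the policy text describes how new values are allocated rather than
   what is already in the registry.  The other names in the table and
   the sample extension vector are constructed for the demo.

```python
"""Audit a ClientHello extensions vector against the draft's Section 5
registry policy and its Section 12 list of extensions orphaned by 1.3.

Added example; not code from the draft.  Wire format per the TLS
presentation language: uint16 vector length, then repeated
(uint16 extension_type, uint16 extension_data length, data).
"""
import struct
from typing import Dict, List, Tuple

# Section 12: extensions only applicable to D/TLS versions prior to 1.3
# (code points from the TLS ExtensionType Values registry).
PRE_13_ONLY: Dict[int, str] = {
    4: "truncated_hmac",
    12: "srp",
    22: "encrypt_then_mac",
    23: "extended_master_secret",
    35: "session_ticket",
    0xFF01: "renegotiation_info",   # registered by RFC 5746, first byte 255
}

# A few other registered code points so the demo has non-orphaned entries.
OTHER_KNOWN: Dict[int, str] = {
    0: "server_name",
    10: "supported_groups",
    13: "signature_algorithms",
    16: "application_layer_protocol_negotiation",
    43: "supported_versions",
    51: "key_share",
}


def registry_policy(ext_type: int) -> str:
    """Section 5 rule, keyed on the first (high-order) byte of the value."""
    return "Private Use" if (ext_type >> 8) == 0xFF else "Specification Required"


def parse_extensions(blob: bytes) -> List[Tuple[int, bytes]]:
    """Parse Extension extensions<0..2^16-1>; raise ValueError on truncation."""
    if len(blob) < 2:
        raise ValueError("truncated extensions length")
    (total,) = struct.unpack("!H", blob[:2])
    body = blob[2:2 + total]
    if len(body) != total:
        raise ValueError("extensions vector shorter than declared length")
    out: List[Tuple[int, bytes]] = []
    pos = 0
    while pos < len(body):
        if len(body) - pos < 4:
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        data = body[pos:pos + ext_len]
        if len(data) != ext_len:
            raise ValueError("extension %d truncated" % ext_type)
        pos += ext_len
        out.append((ext_type, data))
    return out


def is_well_formed(blob: bytes) -> bool:
    """True if the vector parses without a length error."""
    try:
        parse_extensions(blob)
        return True
    except ValueError:
        return False


def audit(blob: bytes) -> List[Dict[str, object]]:
    """One record per extension: name (if in the tables above), policy bucket,
    and whether Section 12 marks it as pre-1.3 only."""
    records = []
    for ext_type, data in parse_extensions(blob):
        records.append({
            "type": ext_type,
            "name": PRE_13_ONLY.get(ext_type) or OTHER_KNOWN.get(ext_type, "unknown"),
            "policy": registry_policy(ext_type),
            "pre_1_3_only": ext_type in PRE_13_ONLY,
            "length": len(data),
        })
    return records


def orphaned_names(blob: bytes) -> List[str]:
    """Names of the extensions present that TLS 1.3 has orphaned."""
    return [str(r["name"]) for r in audit(blob) if r["pre_1_3_only"]]


def build_extensions(items: List[Tuple[int, bytes]]) -> bytes:
    """Encode (type, data) pairs into the wire extensions vector."""
    body = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in items)
    return struct.pack("!H", len(body)) + body


# Constructed sample: a TLS 1.3 ClientHello that still carries pre-1.3 extensions.
SAMPLE = build_extensions([
    (43, b"\x02\x03\x04"),    # supported_versions: one entry, 0x0304
    (35, b""),                # session_ticket, empty: pre-1.3 only
    (23, b""),                # extended_master_secret: pre-1.3 only
    (0xFF01, b"\x00"),        # renegotiation_info, empty renegotiated_connection
    (0xFFFE, b"\x01\x02"),    # constructed Private Use code point, unknown here
])

if __name__ == "__main__":
    for record in audit(SAMPLE):
        print(record)
```

   Running the module prints one record per extension; the three
   orphaned ones are session_ticket, extended_master_secret and
   renegotiation_info, and the constructed 0xFFFE value is reported as
   unknown in the Private Use bucket.  The parser rejects a vector whose
   declared length exceeds the bytes present, which is the check a
   server-side audit must do before trusting any of the per-extension
   lengths.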