I agree with "everyone"; it seems like these fall into what "not recommended" is intended to encompass. I don't have a preference for whether there's an extra annotation about IoT usage.
-Ben

On 10/09/2017 06:05 PM, Sean Turner wrote:
> Anybody else have thoughts on this?
>
> spt
>
>> On Oct 3, 2017, at 18:53, Sean Turner <s...@sn3rd.com> wrote:
>>
>> In the IANA registries draft
>> (https://github.com/tlswg/draft-ietf-tls-iana-registry-updates), we’ve added
>> a recommended column to the Cipher Suites (CSs) registry (and some others).
>> Right now, the criteria for getting a recommended mark is AEAD ciphers with
>> strong authentication standards track ciphers. While that’s great
>> generally, in the list we’ve got five CSs that gave Joe and me pause:
>>
>> TLS_DHE_RSA_WITH_AES_128_CCM_8
>> TLS_DHE_RSA_WITH_AES_256_CCM_8
>> TLS_PSK_DHE_WITH_AES_128_CCM_8
>> TLS_PSK_DHE_WITH_AES_256_CCM_8
>> TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256
>>
>> The CCM_8 CSs have a significantly truncated authentication tag that
>> represents a security trade-off that may not be appropriate for a general
>> environment. In other words, this might be great for some IoT device but we
>> should not generally be recommending these.
>>
>> We’re recommending that these five suites be dropped from the recommended
>> list. Please let us know what you think.
>>
>> J&S
>> (editor hats on)
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls