Part 2: TLS considerations section may be ambiguous

Issue #99 closed
Joseph Heenan created an issue

I'm having trouble figuring out exactly what section 8.5 means. In particular this piece of text:

The cipher suites listed below and also in section 4.2 of [RFC7525] that support authenticated encryption
(AEAD) algorithms shall be used to ensure TLS message confidentiality and integrity: 
* `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256`
* `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`
* `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384`
* `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`

I believe the intention here was to state that only these 4 ciphers shall be used, that the recommendations come from RFC7525, and that the FAPI spec will be updated from time to time as new recommendations emerge.

The alternative reading is that cipher suites allowed in 4.2 of RFC7525 are also okay. This would technically mean that `TLS_RSA_WITH_AES_128_CBC_SHA` (as per 4.2.1 paragraph 3) would be allowed, and also reduces the 'shall' we have in our phrase down to a 'recommended'.

Perhaps this should be reworded as:

The recommendations for Secure Use of Transport Layer Security in RFC7525 shall be followed, with the following exception:

Only the following 4 cipher suites shall be permitted:

* `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256`
* `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`
* `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384`
* `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`
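Added example, not part of the original issue or of the FAPI spec: a Python check that audits a server's enabled TLS 1.2 cipher suites under the two readings discussed above. The function names and the OpenSSL-style suite names are assumptions of this example; TLS 1.3 suites are filtered out because the list in the issue does not address them.

```python
import ssl

# The four suites from the issue text (IANA names), mapped to the names
# OpenSSL uses for them (the mapping is added for this example).
PERMITTED = {
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256": "DHE-RSA-AES128-GCM-SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "ECDHE-RSA-AES128-GCM-SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384": "DHE-RSA-AES256-GCM-SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": "ECDHE-RSA-AES256-GCM-SHA384",
}
# The suite the issue says the alternative reading would technically allow.
LOOSE_EXTRA = {"TLS_RSA_WITH_AES_128_CBC_SHA": "AES128-SHA"}


def violations(enabled, strict=True):
    """Return the enabled suites (IANA or OpenSSL names) that the chosen
    reading does not permit. strict=True is the 'only these 4' reading."""
    allowed = dict(PERMITTED)
    if not strict:
        allowed.update(LOOSE_EXTRA)
    ok = set(allowed) | set(allowed.values())
    return [suite for suite in enabled if suite not in ok]


def restricted_context():
    """Server-side context limited to the four permitted suites.
    No certificate is loaded; this is only enough to inspect the suite list."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(":".join(PERMITTED.values()))
    return ctx


def tls12_suites(ctx):
    """OpenSSL names of the suites enabled on ctx, excluding TLS 1.3 suites,
    which set_ciphers() does not control."""
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


if __name__ == "__main__":
    # Constructed sample: one permitted suite plus the CBC suite from the issue.
    sample = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
              "TLS_RSA_WITH_AES_128_CBC_SHA"]
    print("strict reading:", violations(sample))
    print("alternative reading:", violations(sample, strict=False))
    print("restricted context:", violations(tls12_suites(restricted_context())))
    # A default context usually enables more than the four suites.
    print("default context:", violations(tls12_suites(ssl.create_default_context())))
```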

Comments (6)

  1. Joseph Heenan reporter

    We talked about this on today's call. The consensus seemed to be that we should go with my wording, but with RFC7525 substituted for BCP195 so that any future updates to BCP195 are automatically incorporated.

    I will prepare a pull request.

  2. Nat Sakimura

    Part 2: Clarify TLS considerations section

    The changes for issue #92 left it slightly unclear how the reference to RFC7525 was to be interpreted. This change clarifies the wording to match our intentions.

    closes #99

    → <<cset 620042170c64>>
