Part 2: TLS considerations section may be ambiguous

Issue #99 closed
Joseph Heenan created an issue

I'm having trouble figuring out exactly what section 8.5 means. In particular this piece of text:

#!markup

The cipher suites listed below and also in section 4.2 of [RFC7525] that support authenticated encryption
(AEAD) algorithms shall be used to ensure TLS message confidentiality and integrity: 
* `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256`
* `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`
* `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384`
* `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`

I believe the intention here was to state that only these 4 ciphers shall be used, that the recommendations come from RFC7525, and that the FAPI spec will be updated from time to time as new recommendations emerge.

The alternative reading is that cipher suites allowed in 4.2 of RFC7525 are also okay. This would technically mean that TLS_RSA_WITH_AES_128_CBC_SHA (as per 4.2.1 paragraph 3) would be allowed, and also reduces the 'shall' we have in our phrase down to a 'recommended'.

Perhaps this should be reworded as:

#!markup

The recommendations for Secure Use of Transport Layer Security in RFC7525 shall be followed, with the following exception:

Only the following 4 cipher suites shall be permitted:

* `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256`
* `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`
* `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384`
* `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`

Comments (3)

  1. Joseph Heenan reporter

    We talked about this on today's call. The consensus seemed to be that we should go with my wording, but with RFC7525 substituted for BCP195 so that any future updates to BCP195 are automatically incorporated.

    I will prepare a pull request.

  2. Nat Sakimura

    Part 2: Clarify TLS considerations section

    The changes for issue #92 left it slightly unclear how the reference to RFC7525 was to be interpreted. This change clarifies the wording to match our intentions.

    closes #99

    → <<cset 620042170c64>>

  3. Log in to comment