-- notes only; copied extracted from www.iana.org 2018-08-07 rfc8447.txt

7. TLS ExtensionType Values

Note Note: The role of the designated expert is described in [RFC-ietf-tls-iana-registry-updates-05]. RFC 8447. The designated expert [RFC8126] ensures that the specification is publicly available. An Internet Draft that It's sufficient to have an Internet-Draft (that is posted and never published as an RFC) or a standard in document from another standards body, industry consortium, university site, etc. suffices. The expert may provide more in depth in-depth reviews, but their approval should not be taken as an endorsement of the extension.

Note Note: As specified in [RFC8126], assignments made in the Private Use space are not generally useful for broad interoperability. It is the responsibility of those making use of the Private Use range to ensure that no conflicts occur (within the intended scope of use). For widespread experiments, temporary reservations are available.

Note Note: If an item is not marked as Recommended "Recommended", it does not necessarily mean that it is flawed; rather, it indicates that either the item either has not been through the IETF consensus process, has limited applicability, or is intended only for specific use cases.

Note The following extensions are only applicable to (D)TLS protocol versions prior to 1.3: trusted_ca_keys, truncated_hmac, user_mapping, cert_type, ec_point_formats, srp, status_request_v2, encrypt_then_mac, extended_master_secret, session_ticket, renegotiation_info, client_certificate_url, client_authz, server_authz, and cached_info. These extensions are not applicable to (D)TLS 1.3.

Note: token_binding is omitted from the above table; [TOKBIND] specifies the "Recommended" column for this extension.

8. TLS Cipher Suites Registry

Note WARNING: Cryptographic algorithms and parameters will be broken or weakened over time. Blindly implementing cipher suites listed here is not advised. Implementers and users need to check that the cryptographic algorithms listed continue to provide the expected level of security.

Note Note: Although TLS 1.3 uses the same cipher suite space as previous versions of TLS, TLS 1.3 cipher suites are defined differently, only specifying the symmetric ciphers, and cannot be used for TLS 1.2. Similarly, TLS 1.2 and lower cipher suite values cannot be used with TLS 1.3.

Note Note: CCM_8 cipher suites are not marked as Recommended. "Recommended". These cipher suites have a significantly truncated authentication tag that represents a security trade-off that may not be appropriate for general environments.

Note Note: If an item is not marked as Recommended "Recommended", it does not necessarily mean that it is flawed; rather, it indicates that either the item either has not been through the IETF consensus process, has limited applicability, or is intended only for specific use cases.

Note Note: The role of the designated expert is described in [RFC-ietf-tls-iana-registry-updates-05]. RFC 8447. The designated expert [RFC8126] ensures that the specification is publicly available. An Internet Draft that It's sufficient to have an Internet-Draft (that is posted and never published as an RFC) or a standard in document from another standards body, industry consortium, university site, etc. suffices. The expert may provide more in depth in-depth reviews, but their approval should not be taken as an endorsement of the cipher suite.

Note Note: As specified in [RFC8126], assignments made in the Private Use space are not generally useful for broad interoperability. It is the responsibility of those making use of the Private Use range to ensure that no conflicts occur (within the intended scope of use). For widespread experiments, temporary reservations are available.

9. TLS Supported Groups

Note Renamed from "EC Named Curve Registry"

Note Note: If an item is not marked as Recommended "Recommended", it does not necessarily mean that it is flawed; rather, it indicates that either the item either has not been through the IETF consensus process, has limited applicability, or is intended only for specific use cases.

Note Note: The role of the designated expert is described in [RFC-ietf-tls-iana-registry-updates-05]. RFC 8447. The designated expert [RFC8126] ensures that the specification is publicly available. An Internet Draft that It's sufficient to have an Internet-Draft (that is posted and never published as an RFC) or a standard in document from another standards body, industry consortium, university site, etc. suffices. The expert may provide more in depth in-depth reviews, but their approval should not be taken as an endorsement of the supported group.

Note WARNING: Cryptographic algorithms and parameters will be broken or weakened over time. Blindly implementing cryptographic algorithms listed here is not advised. Implementers and users need to check that the cryptographic algorithms listed continue to provide the expected level of security.

10. TLS ClientCertificateType Identifiers

-- Currently there are zero notes on https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-2

12. TLS Exporter Labels Registry

Note (1) These entries are reserved Note: The role of the designated expert is described in RFC 8447. The designated expert [RFC8126] ensures that the specification is publicly available. It's sufficient to have an Internet-Draft (that is posted and MUST NOT never published as an RFC) or a document from another standards body, industry consortium, university site, etc. The expert may provide more in-depth reviews, but their approval should not be used for taken as an endorsement of the purpose described identifier.

Note: As specified in [RFC5705], [RFC8126], assignments made in order the Private Use space are not generally useful for broad interoperability. It is the responsibility of those making use of the Private Use range to avoid confusion with similar, but distinct ensure that no conflicts occur (within the intended scope of use). For widespread experiments, temporary reservations are available.

Note: ClientCertificateType Identifiers marked as "Y" are those allocated via Standards Track RFCs. ClientCertificateTypes marked as "N" are not.

Note: If an item is not marked as "Recommended", it does not necessarily mean that it is flawed; rather, it indicates that the item either has not been through the IETF consensus process, has limited applicability, or is intended only for specific use in [RFC5246]. Note cases.

12. TLS Exporter Label Registry

Note: [RFC5705] defines keying material exporters for TLS in terms of the TLS PRF. [RFC-ietf-tls-tls13-28] [RFC8446] replaced the PRF with HKDF, thus requiring a new construction. The exporter interface remains the same, however same; however, the value is computed differently.

Note Note: The role of the designated expert is described in [RFC-ietf-tls-iana-registry-updates-05]. RFC 8447. The designated expert [RFC8126] ensures that the specification is publicly available. An Internet Draft that It's sufficient to have an Internet-Draft (that is posted and never published as an RFC) or a standard in document from another standards body, industry consortium, university site, etc. suffices. The expert may provide more in depth in-depth reviews, but their approval should not be taken as an endorsement of the exporter. The expert also verifies that the label is a string consisting of printable ASCII characters beginning with "EXPORTER". IANA MUST also verify that one label is not a prefix of any other label. For example, labels "key" or "master secretary" are forbidden.

Note Note: If an item is not marked as Recommended "Recommended", it does not necessarily mean that it is flawed; rather, it indicates that either the item either has not been through the IETF consensus process, has limited applicability, or is intended only for specific use cases.

14. TLS Certificate Types

Note Note: The role of the designated expert is described in [RFC-ietf-tls-iana-registry-updates-05]. RFC 8447. The designated expert [RFC8126] ensures that the specification is publicly available. An Internet Draft that It's sufficient to have an Internet-Draft (that is posted and never published as an RFC) or a standard in document from another standards body, industry consortium, university site, etc. suffices. The expert may provide more in depth in-depth reviews, but their approval should not be taken as an endorsement of the certificate type.

Note Note: If an item is not marked as Recommended "Recommended", it does not necessarily mean that it is flawed; rather, it indicates that either the item either has not been through the IETF consensus process, has limited applicability, or is intended only for specific use cases.

15. Orphaned Extensions

-- TLS ExtensionType Values registry:

Note Note: The following extensions are only applicable to (D)TLS protocol versions prior to 1.3: trusted_ca_keys, truncated_hmac, user_mapping, cert_type, ec_point_formats, srp, status_request_v2, encrypt_then_mac, extended_master_secret, session_ticket, renegotiation_info, client_certificate_url, client_authz, server_authz, and cached_info. These extensions are not applicable to (D)TLS 1.3.

16. Orphaned Registries

-- TLS Compression Method Identifiers registry [RFC3749]:

Note Note: Value 0 (NULL) is the only value in this registry applicable to (D)TLS protocol version 1.3 or later.

-- TLS HashAlgorithm [RFC5246]

Note Note: The values in this registry are only applicable to (D)TLS protocol versions prior to 1.3. (D)TLS 1.3 and later versions' values are registered in the TLS SignatureScheme registry.

-- and the same on TLS SignatureAlgorithm registries [RFC5246]:

Note Note: The values in this registry are only applicable to (D)TLS protocol versions prior to 1.3. (D)TLS 1.3 and later versions' values are registered in the TLS SignatureScheme registry.

-- TLS ClientCertificateType Identifiers registry [RFC5246]:

-- Currently there are zero notes on Note: The values in this registry. registry are only applicable to (D)TLS protocol versions prior to 1.3.

-- the HashAlgorithm

Note WARNING: Cryptographic algorithms and parameters will be broken or weakened over time. Blindly implementing the cryptographic algorithms listed here is not advised. Implementers and users need to check that the cryptographic algorithms listed continue to provide the expected level of security.

-- and the same on SignatureAlgorithm

Note WARNING: Cryptographic algorithms and parameters will be broken or weakened over time. Blindly implementing the cryptographic algorithms listed here is not advised. Implementers and users need to check that the cryptographic algorithms listed continue to provide the expected level of security.

17. Additional Notes

-- TLS SignatureScheme registry:

Note WARNING: Cryptographic algorithms and parameters will be broken or weakened over time. Blindly implementing cryptographic algorithms listed here is not advised. Implementers and users need to check that the cryptographic algorithms listed continue to provide the expected level of security.

Note Note: As specified in [RFC8126], assignments made in the Private Use space are not generally useful for broad interoperability. It is the responsibility of those making use of the Private Use range to ensure that no conflicts occur (within the intended scope of use). For widespread experiments, temporary reservations are available.

-- TLS PskKeyExchangeMode registry:

Note Note: If an item is not marked as Recommended "Recommended", it does not necessarily mean that it is flawed; rather, it indicates that either the item either has not been through the IETF consensus process, has limited applicability, or is intended only for specific use cases.

Note Note: The role of the designated expert is described in [RFC-ietf-tls-iana-registry-updates-05]. RFC 8447. The designated expert [RFC8126] ensures that the specification is publicly available. An Internet Draft that It's sufficient to have an Internet-Draft (that is posted and never published as an RFC) or a standard in document from another standards body, industry consortium, university site, etc. suffices. The expert may provide more in depth reviews, but their approval should not be taken as an endorsement of the key exchange mode.