-- notesonly; copied from www.iana.org 2018-08-07only 2018-08-08 7. TLS ExtensionType ValuesNoteNote: The role of the designated expert is described in[RFC-ietf-tls-iana-registry-updates-05].RFC 8447. The designated expert [RFC8126] ensures that the specification is publicly available.An Internet Draft thatIt is sufficient to have an Internet-Draft (that is posted and never published as an RFC) or astandard indocument from another standards body, industry consortium, university site, etc.suffices.The expert may provide morein depthin-depth reviews, but their approval should not be taken as an endorsement of the extension.NoteNote: As specified in [RFC8126], assignments made in the Private Use space are not generally useful for broad interoperability. It is the responsibility of those making use of the Private Use range to ensure that no conflicts occur (within the intended scope of use). For widespread experiments, temporary reservations are available.NoteNote: If an item is not marked asRecommended"Recommended", it does not necessarily mean that it is flawed; rather, it indicates thateitherthe item either has not been through the IETF consensus process, has limited applicability, or is intended only for specific use cases.Note The following extensions are only applicable to (D)TLS protocol versions prior to 1.3: trusted_ca_keys, truncated_hmac, user_mapping, cert_type, ec_point_formats, srp, status_request_v2, encrypt_then_mac, extended_master_secret, session_ticket, renegotiation_info, client_certificate_url, client_authz, server_authz, and cached_info. These extensions are not applicable to (D)TLS 1.3.8. TLS Cipher Suites RegistryNoteWARNING: Cryptographic algorithms and parameters will be broken or weakened over time. Blindly implementing cipher suites listed here is not advised. Implementers and users need to check that the cryptographic algorithms listed continue to provide the expected level of security.NoteNote: Although TLS 1.3 uses the same cipher suite space as previous versions of TLS, TLS 1.3 cipher suites are defined differently, only specifying the symmetricciphers,ciphers and hash function, and cannot be used for TLS 1.2. Similarly, TLS 1.2 and lower cipher suite values cannot be used with TLS 1.3.NoteNote: CCM_8 cipher suites are not marked asRecommended."Recommended". These cipher suites have a significantly truncated authentication tag that represents a security trade-off that may not be appropriate for general environments.NoteNote: If an item is not marked asRecommended"Recommended", it does not necessarily mean that it is flawed; rather, it indicates thateitherthe item either has not been through the IETF consensus process, has limited applicability, or is intended only for specific use cases.NoteNote: The role of the designated expert is described in[RFC-ietf-tls-iana-registry-updates-05].RFC 8447. The designated expert [RFC8126] ensures that the specification is publicly available.An Internet Draft thatIt is sufficient to have an Internet-Draft (that is posted and never published as an RFC) or astandard indocument from another standards body, industry consortium, university site, etc.suffices.The expert may provide morein depthin-depth reviews, but their approval should not be taken as an endorsement of the cipher suite.NoteNote: As specified in [RFC8126], assignments made in the Private Use space are not generally useful for broad interoperability. It is the responsibility of those making use of the Private Use range to ensure that no conflicts occur (within the intended scope of use). For widespread experiments, temporary reservations are available. 9. TLS Supported GroupsNote Renamed from "EC Named Curve Registry" NoteNote: If an item is not marked asRecommended"Recommended", it does not necessarily mean that it is flawed; rather, it indicates thateitherthe item either has not been through the IETF consensus process, has limited applicability, or is intended only for specific use cases.NoteNote: The role of the designated expert is described in[RFC-ietf-tls-iana-registry-updates-05].RFC 8447. The designated expert [RFC8126] ensures that the specification is publicly available.An Internet Draft thatIt is sufficient to have an Internet-Draft (that is posted and never published as an RFC) or astandard indocument from another standards body, industry consortium, university site, etc.suffices.The expert may provide morein depthin-depth reviews, but their approval should not be taken as an endorsement of the supported group.NoteWARNING: Cryptographic algorithms and parameters will be broken or weakened over time. Blindly implementingcryptographic algorithmssupported groups listed here is not advised. Implementers and users need to check that the cryptographic algorithms listed continue to provide the expected level of security. 10. TLS ClientCertificateType Identifiers-- Currently there are zero notes on https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-2 12. TLS Exporter Labels Registry Note (1) These entries are reserved and MUST NOT be used forNote: The role of thepurposedesignated expert is described in[RFC5705], in orderRFC 8447. The designated expert [RFC8126] ensures that the specification is publicly available. It is sufficient toavoid confusion with similar,have an Internet-Draft (that is posted and never published as an RFC) or a document from another standards body, industry consortium, university site, etc. The expert may provide more in-depth reviews, butdistinct usetheir approval should not be taken as an endorsement of the identifier. Note: As specified in[RFC5246]. Note[RFC8126], assignments made in the Private Use space are not generally useful for broad interoperability. It is the responsibility of those making use of the Private Use range to ensure that no conflicts occur (within the intended scope of use). For widespread experiments, temporary reservations are available. 12. TLS Exporter Labels Registry Note: [RFC5705] defines keying material exporters for TLS in terms of the TLS PRF.[RFC-ietf-tls-tls13-28][RFC8446] replaced the PRF with HKDF, thus requiring a new construction. The exporter interface remains thesame, howeversame; however, the value is computed differently.NoteNote: The role of the designated expert is described in[RFC-ietf-tls-iana-registry-updates-05].RFC 8447. The designated expert [RFC8126] ensures that the specification is publicly available.An Internet Draft thatIt is sufficient to have an Internet-Draft (that is posted and never published as an RFC) or astandard indocument from another standards body, industry consortium, university site, etc.suffices.The expert may provide morein depthin-depth reviews, but their approval should not be taken as an endorsement of theexporter.exporter label. The expert also verifies that the label is a string consisting of printable ASCII characters beginning with "EXPORTER". IANA MUST also verify that one label is not a prefix of any other label. For example, labels "key" or "master secretary" are forbidden.NoteNote: If an item is not marked asRecommended"Recommended", it does not necessarily mean that it is flawed; rather, it indicates thateitherthe item either has not been through the IETF consensus process, has limited applicability, or is intended only for specific use cases. 14. TLS Certificate TypesNoteNote: The role of the designated expert is described in[RFC-ietf-tls-iana-registry-updates-05].RFC 8447. The designated expert [RFC8126] ensures that the specification is publicly available.An Internet Draft thatIt is sufficient to have an Internet-Draft (that is posted and never published as an RFC) or astandard indocument from another standards body, industry consortium, university site, etc.suffices.The expert may provide morein depthin-depth reviews, but their approval should not be taken as an endorsement of the certificate type.NoteNote: If an item is not marked asRecommended"Recommended", it does not necessarily mean that it is flawed; rather, it indicates thateitherthe item either has not been through the IETF consensus process, has limited applicability, or is intended only for specific use cases. 15. Orphaned Extensions -- TLS ExtensionType Values registry:NoteNote: The following extensions are only applicable to (D)TLS protocol versions prior to 1.3: trusted_ca_keys, truncated_hmac, user_mapping, cert_type, ec_point_formats, srp, status_request_v2, encrypt_then_mac, extended_master_secret, session_ticket, renegotiation_info, client_certificate_url, client_authz, server_authz, and cached_info. These extensions are not applicable to (D)TLS 1.3. 16. Orphaned Registries -- TLS Compression Method Identifiers registry [RFC3749]:NoteNote: Value 0 (NULL) is the only value in this registry applicable to (D)TLS protocol version 1.3 or later. -- TLS HashAlgorithm [RFC5246]NoteNote: The values in this registry are only applicable to (D)TLS protocol versions prior to 1.3. (D)TLS 1.3 and later versions' values are registered in the TLS SignatureScheme registry. -- and the sameonin TLS SignatureAlgorithmregistries [RFC5246]: NoteNote: The values in this registry are only applicable to (D)TLS protocol versions prior to 1.3. (D)TLS 1.3 and later versions' values are registered in the TLS SignatureScheme registry. -- TLS ClientCertificateType Identifiers registry [RFC5246]:-- Currently there are zero notes onNote: The values in thisregistry.registry are only applicable to (D)TLS protocol versions prior to 1.3. --theTLS HashAlgorithmNoteWARNING: Cryptographic algorithms and parameters will be broken or weakened over time. Blindly implementing the cryptographic algorithms listed here is not advised. Implementers and users need to check that the cryptographic algorithms listed continue to provide the expected level of security. -- and the sameonin TLS SignatureAlgorithmNoteWARNING: Cryptographic algorithms and parameters will be broken or weakened over time. Blindly implementing the cryptographic algorithms listed here is not advised. Implementers and users need to check that the cryptographic algorithms listed continue to provide the expected level of security. 17. Additional Notes -- TLS SignatureScheme registry:NoteWARNING: Cryptographic algorithms and parameters will be broken or weakened over time. Blindly implementingcryptographic algorithmssignature schemes listed here is not advised. Implementers and users need to check that the cryptographic algorithms listed continue to provide the expected level of security.NoteNote: As specified in [RFC8126], assignments made in the Private Use space are not generally useful for broad interoperability. It is the responsibility of those making use of the Private Use range to ensure that no conflicts occur (within the intended scope of use). For widespread experiments, temporary reservations are available. -- TLS PskKeyExchangeMode registry:NoteNote: If an item is not marked asRecommended"Recommended", it does not necessarily mean that it is flawed; rather, it indicates thateitherthe item either has not been through the IETF consensus process, has limited applicability, or is intended only for specific use cases.NoteNote: The role of the designated expert is described in[RFC-ietf-tls-iana-registry-updates-05].RFC 8447. The designated expert [RFC8126] ensures that the specification is publicly available.An Internet Draft thatIt is sufficient to have an Internet-Draft (that is posted and never published as an RFC) or astandard indocument from another standards body, industry consortium, university site, etc.suffices.The expert may provide more in depth reviews, but their approval should not be taken as an endorsement of the key exchange mode.