Skip to main content

12. IANA Considerations

This document uses several value spaces maintained in IANA registries. This section documents the impact and requirements of RFC 5246 on these registries.

12.1. TLS Content Type Registry

The TLS record layer uses the ContentType field to indicate the content of the record. IANA maintains the TLS Content Type Registry, with defined values including:

  • change_cipher_spec(20)
  • alert(21)
  • handshake(22)
  • application_data(23)

New content type values are assigned by IETF Consensus, as defined in RFC 5226.

12.2. TLS Alert Registry

TLS uses the AlertDescription field to indicate the nature of an alert. IANA maintains the TLS Alert Registry. Alerts defined by RFC 5246 include:

  • close_notify(0)
  • unexpected_message(10)
  • bad_record_mac(20)
  • decryption_failed_RESERVED(21)
  • record_overflow(22)
  • decompression_failure(30)
  • handshake_failure(40)
  • bad_certificate(42)
  • unsupported_certificate(43)
  • certificate_revoked(44)
  • certificate_expired(45)
  • certificate_unknown(46)
  • illegal_parameter(47)
  • unknown_ca(48)
  • access_denied(49)
  • decode_error(50)
  • decrypt_error(51)
  • protocol_version(70)
  • insufficient_security(71)
  • internal_error(80)
  • user_canceled(90)
  • no_renegotiation(100)
  • unsupported_extension(110)

New alert values are assigned by IETF Consensus.

12.3. TLS Handshake Type Registry

The TLS handshake protocol uses the HandshakeType field to identify handshake message types. IANA maintains the TLS Handshake Type Registry. Defined types include:

  • hello_request(0)
  • client_hello(1)
  • server_hello(2)
  • certificate(11)
  • server_key_exchange(12)
  • certificate_request(13)
  • server_hello_done(14)
  • certificate_verify(15)
  • client_key_exchange(16)
  • finished(20)

New handshake type values are assigned by IETF Consensus.

12.4. TLS Cipher Suite Registry

TLS uses cipher suite identifiers to specify the combination of cryptographic algorithms to be used. IANA maintains the TLS Cipher Suite Registry. RFC 5246 defines multiple cipher suites, including:

  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES_256_CBC_SHA256
  • (and several other suites, see Appendix A.5 for details)

New cipher suite values can be assigned through one of the following methods:

  • IETF Consensus: For cipher suites in standards track or BCP RFCs
  • Specification Required: For other cases, requiring a publicly available specification

12.5. TLS Extension Type Registry

TLS Hello messages may contain extensions. IANA maintains the TLS Extension Type Registry. RFC 5246 defines the signature_algorithms(13) extension.

New extension type values are assigned by IETF Review or IESG Approval according to RFC 5226.

12.6. Other Registries

TLS also uses the following IANA-maintained registries:

  • TLS Compression Method Registry: For specifying compression algorithms
  • TLS EC Curve Type Registry: For elliptic curve cryptography
  • TLS EC Point Format Registry: For representation of EC points
  • TLS Signature Algorithm Registry: For digital signature algorithms

Note: For complete IANA registration requirements and procedures, please refer to the full text of Section 12 of RFC 5246.

Last updated on