Re: [Iot-directorate] [TLS] [Last-Call] Iotdir last call review of draft-ietf-tls-md5-sha1-deprecate-04

Sean Turner <sean@sn3rd.com> Fri, 30 July 2021 23:32 UTC

From: Sean Turner <sean@sn3rd.com>
Date: Fri, 30 Jul 2021 19:31:57 -0400
Cc: Russ Housley <housley@vigilsec.com>, TLS List <tls@ietf.org>, "iot-directorate@ietf.org" <iot-directorate@ietf.org>, "draft-ietf-tls-md5-sha1-deprecate.all@ietf.org" <draft-ietf-tls-md5-sha1-deprecate.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/iot-directorate/RsgqbXEnUUX1TG-QBnHxMknhj-M>


> On Jul 30, 2021, at 05:08, Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
> 
> I have no problem with the suggestion.
> 
> A few other observations:
> 
> 1. FWIW: The reference to [Wang] is incomplete.

The same ref was used in RFC 6194, but we could also use:
https://www.iacr.org/archive/crypto2005/36210017/36210017.pdf

> 2. The references to the other papers use the websites of the authors or project websites. I would use more stable references.

We can replace:

http://shattered.io/static/shattered.pdf

with 

https://eprint.iacr.org/2017/190

and (is the INRIA site better?)

https://www.mitls.org/downloads/transcript-collisions.pdf

with

https://hal.inria.fr/hal-01244855/document

> 3. Kathleen's affiliation is also outdated.

Ah I thought we fixed that. Anyway we’ll change it to: CIS

> 4. Is the update to RFC 7525 relevant given that there is an update of RFC 7525 in progress (see https://datatracker.ietf.org/doc/html/draft-ietf-uta-rfc7525bis-01) and even near completion?

I do not have a problem moving the text. I might also solve the can a standard update a BCP question.

What do people think?

> 5. The title of the draft gives the impression that this update only refers to TLS 1.2 but later in the draft DTLS is also included via the reference to RFC 7525. Should the title be changed to "Deprecating MD5 and SHA-1 signature hashes in TLS/DTLS 1.2"?

We could do (D)TLS 1/2 too.

> Ciao
> Hannes
> 
> -----Original Message-----
> From: Iot-directorate <iot-directorate-bounces@ietf.org> On Behalf Of Russ Housley
> Sent: Wednesday, July 28, 2021 10:34 PM
> To: Sean Turner <sean@sn3rd.com>; IETF TLS <tls@ietf.org>
> Cc: iot-directorate@ietf.org; draft-ietf-tls-md5-sha1-deprecate.all@ietf.org; last-call@ietf.org
> Subject: Re: [Iot-directorate] [TLS] [Last-Call] Iotdir last call review of draft-ietf-tls-md5-sha1-deprecate-04
> 
>>  In Section 7.1.4.1: the following text is removed:
> 
>     If the client supports only the default hash and signature algorithms
>     (listed in this section), it MAY omit the signature_algorithms
>     extension.
> 
>>  Since it’s a MAY, I am a-okay with deleting. Anybody else see harm?
> 
> I don't see any harm.
> 
> Russ
> 