Re: [Last-Call] Last Call: <draft-ietf-tls-md5-sha1-deprecate-04.txt> (Deprecating MD5 and SHA-1 signature hashes in TLS 1.2) to Proposed Standard

tom petch <daedulus@btconnect.com> Fri, 16 October 2020 09:05 UTC

To: last-call@ietf.org, tls-chairs@ietf.org
References: <160270080535.5894.280254092203286109@ietfa.amsl.com> <5F896042.6090804@btconnect.com>
From: tom petch <daedulus@btconnect.com>
Message-ID: <5F896252.3070603@btconnect.com>
Date: Fri, 16 Oct 2020 10:05:22 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/6ceB-IE8xUAq3XKkJqV4Gy1OC9M>

And I get a bounce message for cyberstorm.mu
no AAAA record.

Tom Petch

On 16/10/2020 09:56, tom petch wrote:
> I think that the first sentence could be improved.
>
> 'The MD5 and SHA-1 hashing algorithms are steadily weakening ...' sounds
> as if they are under attack from electrolytic corrosion or the
> death-watch beetle.
>
> I suggest
> NEW
> 'The MD5 and SHA-1 hashing algorithms are increasingly vulnerable to
> attack and this document deprecates their use in TLS 1.2 digital
> signatures.'
>
> And
>
> /This draft/This document/
>
> Tom Petch
>
> On 14/10/2020 19:40, The IESG wrote:
>>
>> The IESG has received a request from the Transport Layer Security WG (tls) to
>> consider the following document: - 'Deprecating MD5 and SHA-1 signature
>> hashes in TLS 1.2'
>>    <draft-ietf-tls-md5-sha1-deprecate-04.txt> as Proposed Standard
>>
>> The IESG plans to make a decision in the next few weeks, and solicits final
>> comments on this action. Please send substantive comments to the
>> last-call@ietf.org mailing lists by 2020-10-28. Exceptionally, comments may
>> be sent to iesg@ietf.org instead. In either case, please retain the beginning
>> of the Subject line to allow automated sorting.
>>
>> Abstract
>>
>>
>>     The MD5 and SHA-1 hashing algorithms are steadily weakening in
>>     strength and their deprecation process should begin for their use in
>>     TLS 1.2 digital signatures.  However, this document does not
>>     deprecate SHA-1 in HMAC for record protection.  This document updates
>>     RFC 5246 and RFC 7525.
>>
>>
>>
>>
>> The file can be obtained via
>> https://datatracker.ietf.org/doc/draft-ietf-tls-md5-sha1-deprecate/
>>
>>
>>
>> No IPR declarations have been submitted directly on this I-D.
>>
>>
>>
>>
>>
>>
>