Re: [TLS] [Iot-directorate] [Last-Call] Iotdir last call review of draft-ietf-tls-md5-sha1-deprecate-04

Hi,

Just to sum, up my initial comment proposed to mention as being removed
remove the texts mentioned below. Since Sean mentioned that removing a text
with MUST can be problematic, for the first text we can also just explain
that in the context of this draft, the first text ends in being some dead
code. I would be interested to understand - and only for my personal
understanding - why removing a text with MUST is harder than a text with
MAY.

My understanding is that the current proposal is to remove the second text,
and that the case of the first text has not been concluded - of course
unless I am missing something. As a result, I think I hope we can converge
for the two texts and I am fine the first text being mentioned as removed
or ending as  dead code.

 """
If the client does not send the signature_algorithms extension, the
server MUST do the following:
-  If the negotiated key exchange algorithm is one of (RSA, DHE_RSA,
   DH_RSA, RSA_PSK, ECDH_RSA, ECDHE_RSA), behave as if client had
   sent the value {sha1,rsa}.

-  If the negotiated key exchange algorithm is one of (DHE_DSS,
   DH_DSS), behave as if the client had sent the value {sha1,dsa}.

-  If the negotiated key exchange algorithm is one of (ECDH_ECDSA,
   ECDHE_ECDSA), behave as if the client had sent value {sha1,ecdsa}.
"""

"""
If the client supports only the default hash and signature algorithms
(listed in this section), it MAY omit the signature_algorithms
extension.
"""

Yours,
Daniel

On Fri, Jul 30, 2021 at 5:10 AM Hannes Tschofenig <Hannes.Tschofenig@arm.com>
wrote:

> I have no problem with the suggestion.
>
> A few other observations:
>
> 1. FWIW: The reference to [Wang] is incomplete.
>
> 2. The references to the other papers use the websites of the authors or
> project websites. I would use more stable references.
>
> 3. Kathleen's affiliation is also outdated.
>
> 4. Is the update to RFC 7525 relevant given that there is an update of RFC
> 7525 in progress (see
> https://datatracker.ietf.org/doc/html/draft-ietf-uta-rfc7525bis-01) and
> even near completion?
>
> 5. The title of the draft gives the impression that this update only
> refers to TLS 1.2 but later in the draft DTLS is also included via the
> reference to RFC 7525. Should the title be changed to "Deprecating MD5 and
> SHA-1 signature hashes in TLS/DTLS 1.2"?
>
> Ciao
> Hannes
>
> -----Original Message-----
> From: Iot-directorate <iot-directorate-bounces@ietf.org> On Behalf Of
> Russ Housley
> Sent: Wednesday, July 28, 2021 10:34 PM
> To: Sean Turner <sean@sn3rd.com>; IETF TLS <tls@ietf.org>
> Cc: iot-directorate@ietf.org;
> draft-ietf-tls-md5-sha1-deprecate.all@ietf.org; last-call@ietf.org
> Subject: Re: [Iot-directorate] [TLS] [Last-Call] Iotdir last call review
> of draft-ietf-tls-md5-sha1-deprecate-04
>
> >   In Section 7.1.4.1: the following text is removed:
>
>      If the client supports only the default hash and signature algorithms
>      (listed in this section), it MAY omit the signature_algorithms
>      extension.
>
> >   Since it’s a MAY, I am a-okay with deleting. Anybody else see harm?
>
> I don't see any harm.
>
> Russ
>
> --
> Iot-directorate mailing list
> Iot-directorate@ietf.org
> https://www.ietf.org/mailman/listinfo/iot-directorate
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose the
> contents to any other person, use it for any purpose, or store or copy the
> information in any medium. Thank you.
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

-- 
Daniel Migault
Ericsson