Re: [TLS] Deprecate SHA1 for signatures in TLS 1.3 (was Re: TLS 1.3 draft-07 sneak peek)

Dave Garrett <davemgarrett@gmail.com> Fri, 10 July 2015 15:54 UTC

From: Dave Garrett <davemgarrett@gmail.com>
To: tls@ietf.org
Date: Fri, 10 Jul 2015 11:54:53 -0400
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/AOU0e0xQvUgGclSICd0dcUGyixM>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

On Friday, July 10, 2015 11:49:12 am Viktor Dukhovni wrote:
> With time we learn to ignore some elements of specifications that
> don't make sense.  This is one such element.

Which will lead to problems like this because not everyone will agree on what parts to ignore. If you want it to actually work reliably, you're going to need to follow or amend the spec.


Dave