Re: [TLS] Signature Algorithms

Eric Rescorla <ekr@rtfm.com> Tue, 17 March 2015 18:00 UTC


On Tue, Mar 17, 2015 at 10:41 AM, Dave Garrett <davemgarrett@gmail.com> wrote:

> On Saturday, March 14, 2015 11:40:38 pm Mehner, Carl wrote:
> > As we move into a world that lacks trusted SHA-1 signatures, a change in
> > the text would be necessary in order for clients that drop SHA-1 from the
> > supported hash algorithms to continue to connect to servers that send a
> > certificate_list that includes roots signed with SHA-1.
>
> What's the viability of having TLS 1.3 drop support for SHA-1 for
> end-entity certificates? (not root or intermediary, yet)


I would not be in favor of this. Many people have certificates with very
long lifetimes and this would effectively mean that people could not drop
in TLS 1.3 for 1.2 on their servers, which would be bad.

-Ekr

> This would of course be in addition to dropping all support for MD5, which
> I think is pretty much a given at this point.
>
> If it were to be new policy right this second, that wouldn't be great, but
> by the time TLS 1.3 is ready for widespread adoption I think that's a
> reasonable expectation. Latest survey shows the SHA-1 to SHA-2 ratio at
> about 2:3 and improving steadily. SHA-2 will probably be used in the
> majority within a couple months or so.
>
>
> Dave
>