Re: [TLS] DSS with other than SHA-1 algorithms

Peter Gutmann <pgut001@cs.auckland.ac.nz> Thu, 07 April 2011 03:48 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: hovav@cs.ucsd.edu, tls@ietf.org
In-Reply-To: <BANLkTikP0kAEkFJ91x09GpyMCBAmVGAiQQ@mail.gmail.com>
Message-Id: <E1Q7gEL-0001Q1-Vi@login01.fos.auckland.ac.nz>
Date: Thu, 07 Apr 2011 15:50:01 +1200
Subject: Re: [TLS] DSS with other than SHA-1 algorithms

Hovav Shacham <hovav@cs.ucsd.edu> writes:

>How about we remove DSA support from TLS, then?

Possibly a bit extreme, but we could at least mark it "historical" or 
"deprecated" or something.  In fact we could do that for an awful lot of 
existing cipher suites.  Note that this isn't changing the standard in any 
way, it's just documenting what's already the norm among implementations.  If 
a cipher suite's been in there for ten years and there are, approximately, 
zero cases of it being used, then saying "Don't bother with this one" in order 
to help guide implementers seems sensible.

Peter.