[TLS] progressing draft-ietf-tls-md5-sha1-deprecate

Sean Turner <sean@sn3rd.com> Fri, 27 August 2021 14:58 UTC

Hi! While addressing the IoT Directorate comments from IETF LC, some additional comments have been received. I would like to address these new comments and get the I-D in the hands of the IESG. There were three sets of comments:

1) Based on Daniel’s and David Benjamin’s reviews, the I-D is not as clear as it could be. The end result of deprecating MD5 and SHA1 is that signature_algorithms is always included; we should just say that. Chris has submitted the following PR to address this:
https://github.com/tlswg/draft-ietf-tls-md5-sha1-deprecate/pull/19
You will notice that the PR removes section 6 of the I-D; it is unclear how much utility there is in updating the NOTE.

We are looking to merge this PR at the end of next week so please submit any comments before then.

2) Hannes suggested that we remove the 7525 updates text now that 7525bis is underway. I submitted this issue to capture the issue:
https://github.com/tlswg/draft-ietf-tls-md5-sha1-deprecate/issues/17
Peter Saint-Andre (one of the 7525bis authors) has filed the following issue to incorporate the text from our I-D:
https://github.com/yaronf/I-D/issues/245
Yaron has already merged the PR:
https://github.com/yaronf/I-D/pull/248
Chris has also kindly submitted this PR to remove the 7525bis-related text from “our” I-D:
https://github.com/tlswg/draft-ietf-tls-md5-sha1-deprecate/pull/18

Again, we are looking to merge this PR at the end of next week so please submit any comments before then.

3) Hannes also had some editorial suggestions that I created issues for:
https://github.com/tlswg/draft-ietf-tls-md5-sha1-deprecate/issues/16
https://github.com/tlswg/draft-ietf-tls-md5-sha1-deprecate/issues/15
https://github.com/tlswg/draft-ietf-tls-md5-sha1-deprecate/issues/14
These are addressed in this PR:
https://github.com/tlswg/draft-ietf-tls-md5-sha1-deprecate/pull/20

These ought to all be non-controversial, so we will merge them sometime next week.

Cheers,
spt (as Shepherd)