Re: [TLS] Lars Eggert's Yes on draft-ietf-tls-md5-sha1-deprecate-08: (with COMMENT)

Sean Turner <sean@sn3rd.com> Mon, 20 September 2021 14:42 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/HDCYVawjFmikXB6OqPYfpR7mvnU>

Alessandro has been on the ball and submitted PRs for these. See below.

> On Sep 20, 2021, at 07:59, Lars Eggert via Datatracker <noreply@ietf.org> wrote:
> 
> Lars Eggert has entered the following ballot position for
> draft-ietf-tls-md5-sha1-deprecate-08: Yes
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-tls-md5-sha1-deprecate/
> 
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> All comments below are about very minor potential issues that you may choose to
> address in some way - or ignore - as you see fit. Some were flagged by
> automated tools (via https://github.com/larseggert/ietf-reviewtool), so there
> will likely be some false positives. There is no need to let me know what you
> did with these suggestions.
> 
> Section 1. , paragraph 2, nit:
> -    the end of 2013, based on both the Wang, et. al, attack and the
> -                                               -
> +    the end of 2013, based on both the Wang, et al., attack and the
> +                                                  +
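
Review bot: On the + line, "Wang, et al., attack" still sets "et al." off with a comma on each side, so it reads as a parenthetical rather than as part of the attribution. Consider "the Wang et al. attack", which keeps the name and "et al." together as a single modifier of "attack".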

Addressed via:
https://github.com/tlswg/draft-ietf-tls-md5-sha1-deprecate/pull/27/files

> Uncited references: [CAB-Baseline]

Addressed via:
https://github.com/tlswg/draft-ietf-tls-md5-sha1-deprecate/pull/26

> Obsolete reference to RFC5246, obsoleted by RFC8446 (this may be on purpose).

It is on purpose ;) While 5246 is obsoleted it is not yet made historic and it’s still used A LOT.

> These URLs in the document did not return content:
> * https://www.cabforum.org/documents.html

This one gets fixed by removing the reference in:
https://github.com/tlswg/draft-ietf-tls-md5-sha1-deprecate/pull/26

Cheers,
spt