[TLS] AD review of draft-ietf-tls-md5-sha1-deprecate-03

Roman Danyliw <rdd@cert.org> Fri, 02 October 2020 23:43 UTC

Return-Path: <rdd@cert.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 154853A1740 for <tls@ietfa.amsl.com>; Fri, 2 Oct 2020 16:43:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xfDHQQfmXuYQ for <tls@ietfa.amsl.com>; Fri, 2 Oct 2020 16:42:59 -0700 (PDT)
Received: from veto.sei.cmu.edu (veto.sei.cmu.edu [147.72.252.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7C8493A173F for <tls@ietf.org>; Fri, 2 Oct 2020 16:42:59 -0700 (PDT)
Received: from delp.sei.cmu.edu (delp.sei.cmu.edu [10.64.21.31]) by veto.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id 092Ngw62039393 for <tls@ietf.org>; Fri, 2 Oct 2020 19:42:58 -0400
DKIM-Filter: OpenDKIM Filter v2.11.0 veto.sei.cmu.edu 092Ngw62039393
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cert.org; s=yc2bmwvrj62m; t=1601682178; bh=PNH3SZIMEIKQu4etsvU0RyekQTQWOQ4IinC0wSWZuvo=; h=From:To:Subject:Date:From; b=KEB69QxA2JVgnYYnAFbmoZGKf4dEkboaTUeoVTlPa4WFDL2m5tqUYa3GTsVOZtAIc 7v+a2h8dCuOzVTntYe7yW80VwZtaH4TfyOpCxhBIR5oGJM8c5jHPo75KhtJ9EskL14 Wm6ayyjnRCbX98wFOPmvxHUbvLcIWCOthwy6FRWc=
Received: from MORRIS.ad.sei.cmu.edu (morris.ad.sei.cmu.edu [147.72.252.46]) by delp.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id 092Ngv9V038459 for <tls@ietf.org>; Fri, 2 Oct 2020 19:42:57 -0400
Received: from MORRIS.ad.sei.cmu.edu (147.72.252.46) by MORRIS.ad.sei.cmu.edu (147.72.252.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1979.3; Fri, 2 Oct 2020 19:42:57 -0400
Received: from MORRIS.ad.sei.cmu.edu ([fe80::555b:9498:552e:d1bb]) by MORRIS.ad.sei.cmu.edu ([fe80::555b:9498:552e:d1bb%13]) with mapi id 15.01.1979.003; Fri, 2 Oct 2020 19:42:57 -0400
From: Roman Danyliw <rdd@cert.org>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: AD review of draft-ietf-tls-md5-sha1-deprecate-03
Thread-Index: AdaZFOu3JCrnLUcOTDClDxy+nE2vRw==
Date: Fri, 2 Oct 2020 23:42:56 +0000
Message-ID: <5fc530396594430f81e8f609a1f11ea6@cert.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.64.202.177]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/HQJXFneaB1Ukg_3BrUgnJPv0eac>
Subject: [TLS] AD review of draft-ietf-tls-md5-sha1-deprecate-03
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Oct 2020 23:43:01 -0000

Hi!

I've assumed the role of responsible AD on this document.  As such, I performed an AD review of draft-ietf-tls-md5-sha1-deprecate-03.  

Thanks for writing this document to address an important crypto maintenance tasks in TLS v1.2.  I have a few clarifying and pro forma editorial items of feedback.  

** Please address the following IDNits:

-- The document seems to lack an IANA Considerations section.  (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

-- The draft header indicates that this document updates RFC5246, but the
     abstract doesn't seem to mention this, which it should.

-- The draft header indicates that this document updates RFC7525, but the
     abstract doesn't seem to mention this, which it should.

** Section 1.  Editorial. 
-- s/RFC 5246 [RFC5246]/[RFC5246]/

-- s/RFC 6151 [RFC6151]/[RFC6151]/

-- s/RFC7525 [RFC7525]/[RFC7525]/

** Section 1.  Editorial.  For symmetry with the rest of the text:

OLD
RFC 6151 [RFC6151]
   details the security considerations, including collision attacks for
   MD5, published in 2011.  

NEW
In 2011, [RFC6151]  detailed the security considerations, including collision attacks for MD5.  

** Section 1.  Please provide a reference for "Wang, et al".  Is there a reference to provide for the "the potential for brute-force attack"

** Section 6.  Editorial Nit. s/RFC5246 [RFC5246]/[RFC5246]/

** Section 6.  Move the text "In Section 7.4.1.4.1: the text should be revised from" out of the "OLD" block of text to be its own intro paragraph so that the OLD vs. NEW is  a clear cut-and-paste.

** Section 7.  Editorial. s/ RFC7525 [RFC7525]/[RFC7525]/

** Section 7.  SHA-1 is also not mentioned in RFC7525.  Recommend:

OLD
The prior text did not explicitly include
   MD5 and this text adds it to ensure it is understood as having been
   deprecated.

NEW
The prior text did not explicitly include MD5 or SHA-1; and this text adds guidance to ensure that these algorithms have been deprecated.

** Section 7.  Editorial.  Grammar.

OLD
In addition, the use of the SHA-256 hash algorithm is RECOMMENDED,
   SHA-1 or MD5 MUST NOT be used

NEW
In addition, the use of the SHA-256 hash algorithm is RECOMMENDED; and SHA-1 or MD5 MUST NOT be used

** Section 10.2  Please make RFC5246 a normative reference.

Regards,
Roman