IETF Logo Mail Archive

Re: [TLS] 3GPP forbids support of MD5, SHA-1, non-AEAD, and non-PFS in TLS

Tony Rutkowski <rutkowski.tony@gmail.com> Sun, 08 March 2020 19:41 UTC

Return-Path: <rutkowski.tony@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8359D3A0860 for <tls@ietfa.amsl.com>; Sun, 8 Mar 2020 12:41:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2lmyQKrsVBuS for <tls@ietfa.amsl.com>; Sun, 8 Mar 2020 12:41:27 -0700 (PDT)
Received: from mail-qk1-x72f.google.com (mail-qk1-x72f.google.com [IPv6:2607:f8b0:4864:20::72f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA0F13A0830 for <tls@ietf.org>; Sun, 8 Mar 2020 12:41:26 -0700 (PDT)
Received: by mail-qk1-x72f.google.com with SMTP id f198so7293183qke.11 for <tls@ietf.org>; Sun, 08 Mar 2020 12:41:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=pD63KI27Qs/YXWu/RWUsNPZOxFI69+EubVpHDDJ6Wzc=; b=ALEu6y2MbSCBYOnH+Fy2vriMgOx25ccX0aPqThpTU0Q20m2FpFBShNy5aE+M8EnpQn 9Wm/Obcgoo+Z5ryWu7yJ88tz9R//7G8g2aShEsnsd5TNIRY6uzUS6QRJbLMDTa5iGzWC LHX6TKT3PlSFDj+WMRGSZWrYqOMB+eicm6TtTrJ3tyZJ+lMnPcrFXeXeAbpawaFnLq/F C7oZPoKO/ZhR4otxAn3NnS3PnxylD8qLMHROecCGXmkonvXm8Abf8PkdHml5QCn5XB6A lEQ1Qk7nkAhu3uTkbgawrpVhPDA1EksaPvU9iluhs9pRLUgMkr8cR9v8HdPpkIS6vse8 7SYg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=pD63KI27Qs/YXWu/RWUsNPZOxFI69+EubVpHDDJ6Wzc=; b=oqvpExHPrpvzH52HGlmsFbVdi28pWx3u1rU9HX3hS2Iih1UIpk+TcHMiK+QUFAwg1b dyS+5+wqOw55cbyv9rsoLeDpOUKqSoX8ULo9DgUfZ/STZWBGpCGtRaGxavGJbp+HsgKZ U8AjOkX/YO0RsLeQFlWclnA6CWBQE9bRFwVdRW7iGp/ys9r83xrMBCPHK0gjpZvEdQLW lLNIMJbIvsgc/gCI7VeUAduHiOtzNJDqUwJjF9whktQ2U7wQPep1Q4MvthEXolkuzZNh yyZUJWFB7+gAL6qATYI+OttrxhBqjgDRxhATxj7ydBl3TiQFNFY4f2MylYWmTeJeWEml gZAg==
X-Gm-Message-State: ANhLgQ2b5p7S08NWuigF0Ho8/1KBPUEN2V18GdmDis4krVgxM+7/wTo+ GxfPIplJMWjLLzGX18TQ6uAu/hH24k4=
X-Google-Smtp-Source: ADFU+vtzGdBseLnC6bfdJkry2KSYZQwl7l+0rA2DI9Xm5U6ZZfmER6XOyXmlW0SoYpWiM4vuLKeXyw==
X-Received: by 2002:ae9:f707:: with SMTP id s7mr4654348qkg.5.1583696485776; Sun, 08 Mar 2020 12:41:25 -0700 (PDT)
Received: from [192.168.1.53] (pool-70-106-222-98.clppva.fios.verizon.net. [70.106.222.98]) by smtp.gmail.com with ESMTPSA id f19sm13108531qtp.46.2020.03.08.12.41.25 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 08 Mar 2020 12:41:25 -0700 (PDT)
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, tls@ietf.org
References: <20200308022334.38A4315968F3@ary.qy> <22080d70-f7d0-64a0-730e-ce9e98813e10@gmail.com> <9af29b8f-856e-eb3f-6f12-e4cb0a86677b@cs.tcd.ie> <102e959c-dbfc-4a99-da79-b92136142b28@gmail.com> <69f729b1-37a3-6c13-5f5f-887967b785ed@cs.tcd.ie>
From: Tony Rutkowski <rutkowski.tony@gmail.com>
Message-ID: <d79092e1-29af-94dc-2569-0b8ccdca9c7f@gmail.com>
Date: Sun, 08 Mar 2020 15:41:24 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0
MIME-Version: 1.0
In-Reply-To: <69f729b1-37a3-6c13-5f5f-887967b785ed@cs.tcd.ie>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/HScXq38P0huxffvgQClrziepPO8>
Subject: Re: [TLS] 3GPP forbids support of MD5, SHA-1, non-AEAD, and non-PFS in TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 08 Mar 2020 19:41:29 -0000

Hi Stephen,

Amusing attempt to rewrite history.  Your disagreement means nothing, 
fortunately, and folks can claim FUD all they want.

The reality is that the actions in this group are facing increasing 
exposure to antitrust, tort, consumer protection, and tax-related 
actions.  If you don't want to be cautious, then lawyer up...or at least 
get ISOC to buy you more insurance. :-) Oh, is it clear who is covered 
by the insurance?

cheers,
tony


On 2020-03-08 12:59 PM, Stephen Farrell wrote:
>
> On 08/03/2020 16:35, Tony Rutkowski wrote:
>> Stephen,
>>
>> It is not false.
> We disagree. SDNS != TLS. TLS was SSL with the middle
> S standing for socket, which wasn't part of SDNS or
> GOSIP that I recall.
>
>> It is simply largely unknown because of subsequent
>> IETF related narratives that choose to omit the history.  The documents
>> are available online - although portions remain classified.
> Hah, that's funny. And with the classified documents
> defense of the falsehood, I'm done debunking this.
>
> S.
>
>> A request
>> is pending for their declassification and release.  You can find some of
>> the details in the links in this article.
>> http://www.circleid.com/posts/20190124_creating_tls_the_pioneering_role_of_ruth_nelson/
>>
>>
>> Ruth Nelson - who led some of the important components - appeared at
>> last October's NSA Crypto History Symposium.  She filled in some of the
>> details and the work was recognized by those there. Whit was also there
>> also there and gave a great presentation. Unfortunately, women in this
>> field seem not to get the credit they deserve.
>>
>> --tony
>>
>>
>> On 2020-03-08 10:56 AM, Stephen Farrell wrote:
>>> On 08/03/2020 14:46, Tony Rutkowski wrote:
>>>> TLS is particular has a history going back to 1986 when the platform was
>>>> first announced by the USG and the TLS specification was instantiated
>>>> initially in the GOSIP standards and then in ITU/ISO standards.
>>> That's false. I've seen it repeated a few times but it
>>> remains false. Mostly, this falsehood seems to be repeated
>>> in tandem with efforts one could interpret as attempts
>>> to create FUD about Internet related security.
>>>
>>> TLS started in the IETF as a compromise between Netscape
>>> and Microsoft proposals for how to secure HTTP.
>>>
>>> X.509 started as part of X.400, then X.500 and is used by
>>> TLS. Today, I would bet almost all implementers never need
>>> to look beyond RFC5280 for X.509. And I hope it stays that
>>> way until we somehow figure out how to retire X.509.
>>>
>>> S.
>>>
>>> _______________________________________________
>>> TLS mailing list
>>> TLS@ietf.org
>>> https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email