Re: [TLS] Deprecate SHA1 for signatures in TLS 1.3 (was Re: TLS 1.3 draft-07 sneak peek)

Viktor Dukhovni <ietf-dane@dukhovni.org> Tue, 14 July 2015 21:35 UTC

Date: Tue, 14 Jul 2015 21:35:34 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <20150714213534.GG28047@mournblade.imrryr.org>
References: <20150714024710.GR28047@mournblade.imrryr.org> <20150714134612.F2DFF1A1DE@ld9781.wdf.sap.corp> <20150714191613.GC28047@mournblade.imrryr.org> <BLUPR03MB13969324E4C95B2D6DC9A7558C9B0@BLUPR03MB1396.namprd03.prod.outlook.com> <20150714200839.GE28047@mournblade.imrryr.org> <CABkgnnXYtF3qQQaAtZNj9UKECLtbntMkt-Pk_Qnm0P+S6zeNcA@mail.gmail.com>
In-Reply-To: <CABkgnnXYtF3qQQaAtZNj9UKECLtbntMkt-Pk_Qnm0P+S6zeNcA@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/JKiEZMMoUrvlav4gFjiNM7-tFho>
Subject: Re: [TLS] Deprecate SHA1 for signatures in TLS 1.3 (was Re: TLS 1.3 draft-07 sneak peek)

On Tue, Jul 14, 2015 at 01:49:36PM -0700, Martin Thomson wrote:

> On 14 July 2015 at 13:08, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:
> > Yes, and informs the server that the client is skipping authentication,
> > which is often useful information on the server end.
> 
> The problem here is that the server isn't the only recipient of that signal.

You forgot to mention that an on-path MiTM can hide the fact that the
client is doing it from the server.  For clients doing unauthenticated
TLS, active attacks are not what they are defending against.

None of this is news.  We should stop here.

-- 
	Viktor.