Re: [TLS] raising ceiling vs. floor (was: New Version Notification for draft-moriarty-tls-oldversions-diediedie-00.txt)

Peter Gutmann <> Tue, 10 July 2018 14:17 UTC

Viktor Dukhovni <> writes:

>also the private CAs using SHA-1 will need to switch to SHA-2 to regain
>interoperability, despite no actual risk from SHA-1.

Another problem with moving to SHA-2 is that when you have a lot of gear that
only does SHA-1, you need to run parallel PKIs possibly in perpetuity, one
using SHA-1 and the other SHA-2.  For example if you're signing CRLs then you
have SHA-2-signed ones and SHA-1-signed ones, and then the CA/signing certs in
turn have to be signed with SHA-1 or SHA-2, and the CA certs for those have to
be SHA-1 or SHA-2, and you can see what a headache that ends up being, not
just in terms of running two PKIs but also the fact that you've now got lots
of apparently duplicated certs that differ only in their hash algorithm.  Or
you can use different keys, but now you also need to change the DNs otherwise
sigs on the SHA-1 branch won't verify on the SHA-2 branch.  No matter how you
look at it, you end up with a mess.

(Luckily this sort of thing is Someone Else's Problem, and I don't envy them
for it).
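
An added illustration of the key/DN point in the message above; it is not part of the original post and not code from any real PKI. It is a toy model: textbook RSA over small Mersenne primes, invented DNs, and a verifier that is assumed to locate the issuer by subject DN alone.

```python
import hashlib
from collections import namedtuple

# Toy certificate: real X.509 fields reduced to what the argument needs.
Cert = namedtuple("Cert", "subject issuer pub hash_alg sig")

def make_key(p, q, e=65537):
    """Textbook-RSA key from two primes (constructed, insecure, demo only)."""
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(subject, issuer, pub, hash_alg, n):
    tbs = f"{subject}|{issuer}|{pub}|{hash_alg}".encode()
    return int.from_bytes(hashlib.new(hash_alg, tbs).digest(), "big") % n

def issue(subject, subject_key, issuer, issuer_key, hash_alg):
    pub = (subject_key["n"], subject_key["e"])
    h = digest(subject, issuer, pub, hash_alg, issuer_key["n"])
    sig = pow(h, issuer_key["d"], issuer_key["n"])
    return Cert(subject, issuer, pub, hash_alg, sig)

def validate(cert, store):
    """Assumed verifier: finds the issuer by subject DN only, then checks the sig."""
    ca = store.get(cert.issuer)
    if ca is None:
        return "no issuer"
    n, e = ca.pub
    h = digest(cert.subject, cert.issuer, cert.pub, cert.hash_alg, n)
    return "ok" if pow(cert.sig, e, n) == h else "bad signature"

K1 = make_key(2**61 - 1, 2**89 - 1)     # SHA-1 branch CA key
K2 = make_key(2**107 - 1, 2**127 - 1)   # separate key for the SHA-2 branch
DEV = make_key(2**31 - 1, 2**61 - 1)    # device key
DN, DN2 = "CN=Plant CA", "CN=Plant CA G2"   # hypothetical names

def scenarios():
    leaf = issue("CN=meter-17", DEV, DN, K1, "sha1")   # issued on the SHA-1 branch
    ca_sha1 = issue(DN, K1, DN, K1, "sha1")
    ca_dup = issue(DN, K1, DN, K1, "sha256")           # same key and DN, new hash
    ca_rekey = issue(DN, K2, DN, K2, "sha256")         # new key, DN reused
    ca_g2 = issue(DN2, K2, DN2, K2, "sha256")          # new key, new DN
    return {
        "same key, same DN": validate(leaf, {DN: ca_dup}),
        "new key, same DN": validate(leaf, {DN: ca_rekey}),
        "new key, new DN": validate(leaf, {DN: ca_sha1, DN2: ca_g2}),
        "duplicates differ only in hash": ca_sha1[:3] == ca_dup[:3],
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

Reusing the DN with a new key makes the name-based lookup hand back a CA certificate whose key did not sign the SHA-1 branch leaf, which is the failure the message describes; distinct DNs let both CA certificates sit in one store.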