Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1.1"

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Fri, 03 May 2019 20:40 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 21014120260 for <tls@ietfa.amsl.com>; Fri, 3 May 2019 13:40:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Exl6oDFjPJmu for <tls@ietfa.amsl.com>; Fri, 3 May 2019 13:40:13 -0700 (PDT)
Received: from mail-ot1-x329.google.com (mail-ot1-x329.google.com [IPv6:2607:f8b0:4864:20::329]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B422F1200F8 for <tls@ietf.org>; Fri, 3 May 2019 13:40:13 -0700 (PDT)
Received: by mail-ot1-x329.google.com with SMTP id b18so6485817otq.3 for <tls@ietf.org>; Fri, 03 May 2019 13:40:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=enOkVSaKEZXPlHt4M9rW8XeC1vuCtFD92gz9oqR715c=; b=a9c6KxDbRjm3zfVl/UkmL8/xv5DHkOL6LklOwR9Nz/LiKdK75+vdpCbAfNchFU049Y z2jEhwx3e3satK08oIfNa3dFvTbgts4btmwmoUTWWdEFW8n0/Hb0rSVYMXCvTt2U8AJ9 Km55eh8T2JOk8F+KQswLTQ5qlxw7fglaChUQa5zZSn3GOuujUwVRBvv0sUk7VYR7CWu/ iFRaHD5K9DLe/rBnCjrw15R8bSDa/08+oUm/lLNbbSUqnm9sTtHWmebQDXslsYOfhFTw o8S02cNACebxGl99fTTL/ocW0c+TJqGvVfg1PEPGFg7FkQoSuR9QOmR7aSAIu8H8sFpQ Erqw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=enOkVSaKEZXPlHt4M9rW8XeC1vuCtFD92gz9oqR715c=; b=juGsM5RpN3g1nEOl2qf103PK2tYr6o2p5VscD+yI0fRoELAF5Cqj8qpW76eADHBbwc 0KjlrD69ascgL1M6yJ8qCdLjV+fk8rrqzHeN6W4ZlMoyAQMCJLjyFgNJcQ1uHtTF68vE HS1W4aQE3pL+4bsKydcem+Q3VccTxiabYx6L0k/WcVzTcmtBk0t58a+OY/6FvFg4NyA5 EtsUASRbXmz3VPpSca/7nbd3dCyEUChZtt2zS271vQXDYV+Iiu1j9o6cfdNE+aawqFZQ oUj7FE9rZ3IoX5I+j/I2pk07DUxiUZCNSTDQYE9bgnS0aw0lA0hpNRfF//y9KXjt4hFm dbgA==
X-Gm-Message-State: APjAAAXlFguSeXpaaACqj6ZZCPYOslAH2fiobWyCRA0xcPKdP3oY5Rz/ S0Em3kDMQzqRkhMg1Nobm9s30PRci9duwcBj+nE=
X-Google-Smtp-Source: APXvYqxn1KggX24LNj9aQy+TNGAnMNrWHGjOn8Ur8Dw7AYxUKFiHaiyBV/gvF4/2mskVTTYD/10CCB2f2ALgyzam1+E=
X-Received: by 2002:a9d:72c8:: with SMTP id d8mr8040200otk.149.1556916013020; Fri, 03 May 2019 13:40:13 -0700 (PDT)
MIME-Version: 1.0
References: <28511b10-8f6a-4394-95a9-5188130f7b58@www.fastmail.com> <7d37f7ca-e253-4c95-9cf7-2d16b0b6a0aa@www.fastmail.com> <20190430234952.21F5C404C@ld9781.wdf.sap.corp> <5441930.X76MtM1CnQ@pintsize.usersys.redhat.com> <1556902416424.28526@cs.auckland.ac.nz> <20190503172022.GH4464@akamai.com> <1556904629782.23087@cs.auckland.ac.nz> <CABcZeBNKgSFYg7gm-4ZibHSzDxO9qSjM5UGQXo81Rv7_r+m9gw@mail.gmail.com> <1F7FC950-358D-4D5C-963B-B7B837AE49DA@gmail.com>
In-Reply-To: <1F7FC950-358D-4D5C-963B-B7B837AE49DA@gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Fri, 3 May 2019 16:39:36 -0400
Message-ID: <CAHbuEH4Y6PJDhoHPnCkBgsAkOhvSTHFpew3V1d9iSQs_bknYSQ@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Peter Gutmann <pgut001@cs.auckland.ac.nz>, "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000e6b975058801c16b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/MBGW7D0urTXbWSv3fXzxiSPjSWU>
Subject: Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1.1"
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 May 2019 20:40:16 -0000

On Fri, May 3, 2019 at 4:09 PM Kathleen Moriarty <
kathleen.moriarty.ietf@gmail.com> wrote:

>
>
> Sent from my mobile device
>
> On May 3, 2019, at 3:56 PM, Eric Rescorla <ekr@rtfm.com> wrote:
>
>
>
> On Fri, May 3, 2019 at 10:31 AM Peter Gutmann <pgut001@cs.auckland.ac.nz>
> wrote:
>
>> Having said that, given an RFC saying MUST NOT 1.0 and 1.1 which is what
>> the
>> original discussion was about, why not also add MUST NOT MD5 and SHA1 in
>> TLS
>> 1.2 to the text?
>>
>
> This seems like a reasonable proposal.
>
>
> If added, should this just be in the updates section for RFC7525?
>

If done here, the text below would change to MUST and we'd likely need
another WGLC, correct?

   When using RSA, servers SHOULD authenticate using certificates with
   at least a 2048-bit modulus for the public key.  In addition, the use
   of the SHA-256 hash algorithm is RECOMMENDED (see [CAB-Baseline
<https://tools.ietf.org/html/rfc7525#ref-CAB-Baseline>] for
   more details).  Clients SHOULD indicate to servers that they request
   SHA-256, by using the "Signature Algorithms" extension defined in
   TLS 1.2.


The MUST NOT for SHA-1 is not clearly stated in RFC7525 as far as I can see.


Proposed:

   When using RSA, servers SHOULD authenticate using certificates with
   at least a 2048-bit modulus for the public key.  In addition, the use
   of the SHA-256 hash algorithm is the minimum requirement, SHA-1
MUST not be used (see [CAB-Baseline
<https://tools.ietf.org/html/rfc7525#ref-CAB-Baseline>] for
   more details).  Clients SHOULD indicate to servers that they request
   SHA-256, by using the "Signature Algorithms" extension defined in
   TLS 1.2.


MD5 is not discussed in the current version of RFC7525.


Best regards,

Kathleen


> Best regards,
> Kathleen
>
>
> -Ekr
>
>
>> Peter.
>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
>

-- 

Best regards,
Kathleen