IETF Logo Mail Archive

Re: [TLS] 3GPP forbids support of MD5, SHA-1, non-AEAD, and non-PFS in TLS

John Levine <johnl@taugh.com> Sun, 08 March 2020 02:24 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CFC6D3A1F8A for <tls@ietfa.amsl.com>; Sat, 7 Mar 2020 18:24:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.841
X-Spam-Level:
X-Spam-Status: No, score=-1.841 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_PASS=-0.001, T_SPF_HELO_TEMPERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=rGWDa/0T; dkim=pass (1536-bit key) header.d=taugh.com header.b=dFSR7C4s
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M9AqZs5C-OjW for <tls@ietfa.amsl.com>; Sat, 7 Mar 2020 18:23:56 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7137C3A1F90 for <tls@ietf.org>; Sat, 7 Mar 2020 18:23:37 -0800 (PST)
Received: (qmail 25268 invoked from network); 8 Mar 2020 02:23:34 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding;s=62b2.5e645726.k2003; bh=Lh6n0MNNPWc1BDhOiCcm+Ow6voWWBvY/H01YT9sDhm8=; b=rGWDa/0TFcg6cwIFzbtrRx6r+hEhlQdnDo1LmPa++zsrtXKF+KMij01ox2m6TD2ECiL/7uAOKwICWjOUq8/s3tCJhhf0kilyXFSBjGfcgN2hxggeV2BwiM91okJCtYDyH+4hxq6Mc7SYt43kZde3A/OwOXAxfIqCeVyRznTjMbTytapZsR26Rd8QBg3lJHTsKXpS4xIl/9OLx91Jd6sQkclXj+6yMRb0iYl0pH3JpouQoVnDk6AMIT/8i7TgMNJF
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding;s=62b2.5e645726.k2003; bh=Lh6n0MNNPWc1BDhOiCcm+Ow6voWWBvY/H01YT9sDhm8=; b=dFSR7C4ssGWk7afxQpDFKZo6Vd3LyhGqMV0oKREptqpNHkAnuqgGQtq33vJwQWcoJrpqKqb1IPh/Z1MCV9mCoj+K2YO4PSQaiNgHVkq3+RkrNOPYC/tn40+8v35CLkpuEZI5yu9J/cYqKg55bwvuh24DYeRCXpxBpkoCS9rb0DxHhH1XPaNxNg56+lAB6HYpYREfBAItMm9MkMdUFV5L8syQDneQB9UxSBLu0vzLYITltE1KOmX5FRVq3nRZziJM
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTP via TCP6; 08 Mar 2020 02:23:34 -0000
Received: by ary.qy (Postfix, from userid 501) id 38A4315968F3; Sat, 7 Mar 2020 21:23:34 -0500 (EST)
Date: Sat, 07 Mar 2020 21:23:34 -0500
Message-Id: <20200308022334.38A4315968F3@ary.qy>
From: John Levine <johnl@taugh.com>
To: tls@ietf.org
Cc: trutkowski@netmagic.com
In-Reply-To: <b08c7a20-6949-4776-18d8-58f4c6e3970a@netmagic.com>
Organization: Taughannock Networks
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/NnGkyt5gRG5lNJlj201xk_BcpVQ>
Subject: Re: [TLS] 3GPP forbids support of MD5, SHA-1, non-AEAD, and non-PFS in TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 08 Mar 2020 02:24:13 -0000

In article <b08c7a20-6949-4776-18d8-58f4c6e3970a@netmagic.com> you write:
>-=-=-=-=-=-
>
>One comment.  Perhaps some caution might be advised in light of the 
>antitrust court order in /Trueposition v. Ericsson/. Ref. Order in Case 
>No. 2:11-cv-4574, (U.S. E.D. Pa, 14 Jul 2014).

That's a single page dismissing 3GPP from the case.  Really?

https://ia800306.us.archive.org/15/items/gov.uscourts.paed.426719/gov.uscourts.paed.426719.296.0.pdf

R's,
John





>On 2020-03-06 7:02 PM, John Mattsson wrote:
>> Hi,
>>
>> I am happy to report that 3GPP just took the decision to forbid support of MD5 and SHA-1, as well as all non-AEAD and non-PFS cipher suites in
>TLS. The changes apply to all Rel-16 3GPP systems that use TLS and DTLS, which are quite many.
>>
>> 3GPP had already mandaded support of TLS 1.3, forbidden support of TLS 1.1, and mandated minimum key lengths of 2048 for RSA/FFDH and 255 for
>ECC. 3GPP will likely mandate support of DTLS 1.3 soon after it has been published.
>>
>> I hope this inspire other organisations to do the same.
>>
>> The changes [2][3] were approved today and an updated complete version of the new 3GPP TLS profile can be found here [1]. Any comments or
>suggestions on the 3GPP TLS profile are very welcome.
>>
>> Cheers,
>> John
>>
>>
>> [1] https://github.com/EricssonResearch/CBOR-certificates/raw/master/3GPP%20TLS%20Profile%206%20march%202020.pdf
>>
>> [2] http://www.3gpp.org/ftp/TSG_SA/WG3_Security/TSGS3_98e/Docs/S3-200332.zip
>>
>> [3] https://www.3gpp.org/ftp/tsg_sa/WG3_Security/TSGS3_98e/Inbox/Drafts/draft_S3-200333-r1.doc

v2.23.0 | Report a Bug | By Email