Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1.1"

Peter Gutmann <pgut001@cs.auckland.ac.nz> Sat, 04 May 2019 02:46 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, Eric Rescorla <ekr@rtfm.com>
CC: "tls@ietf.org" <tls@ietf.org>
Date: Sat, 4 May 2019 02:46:22 +0000
Message-ID: <1556937973484.34949@cs.auckland.ac.nz>
References: <28511b10-8f6a-4394-95a9-5188130f7b58@www.fastmail.com> <7d37f7ca-e253-4c95-9cf7-2d16b0b6a0aa@www.fastmail.com> <20190430234952.21F5C404C@ld9781.wdf.sap.corp> <5441930.X76MtM1CnQ@pintsize.usersys.redhat.com> <1556902416424.28526@cs.auckland.ac.nz> <20190503172022.GH4464@akamai.com> <1556904629782.23087@cs.auckland.ac.nz> <CABcZeBNKgSFYg7gm-4ZibHSzDxO9qSjM5UGQXo81Rv7_r+m9gw@mail.gmail.com> <1F7FC950-358D-4D5C-963B-B7B837AE49DA@gmail.com>, <CAHbuEH4Y6PJDhoHPnCkBgsAkOhvSTHFpew3V1d9iSQs_bknYSQ@mail.gmail.com>
In-Reply-To: <CAHbuEH4Y6PJDhoHPnCkBgsAkOhvSTHFpew3V1d9iSQs_bknYSQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/O-woQUOxFQccHshJyJfnG2xPh6k>
Subject: Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1.1"

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> writes:

>MD5 is not discussed in the current version of RFC7525.

I would add it: if this is guidance for general use then it should cover all
the bases; if SHA-1 is a MUST NOT then MD5 is a REALLY REALLY REALLY MUST NOT.

(Technically SHA-1 is still safe for ephemeral signing, i.e. locations where
an attacker can't spend arbitrary amounts of time working on precomputed data,
which is most of TLS because of the nonces in the handshake and the fact that
connections will quickly time out if nothing arrives, but since TLS 1.2 has
SHA-2 built in already there's probably little point in separating out where
SHA-1 is safe vs. where it isn't).

Peter.
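The reply argues that an RFC 7525-style policy should list MD5 alongside SHA-1 as MUST NOT. A practical way to check what a peer actually offers in TLS 1.2 is to parse the signature_algorithms extension (RFC 5246 section 7.4.1.4.1) and flag any (hash, signature) pair built on those hashes. The code below is an added example written for this page, not code from the thread or from any TLS implementation; the sample extension bytes are constructed for illustration.

```python
# Added example: parse a TLS 1.2 signature_algorithms extension body and flag
# pairs whose hash is MD5 or SHA-1 (the two hashes the reply wants listed as
# MUST NOT). Constants follow RFC 5246 section 7.4.1.4.1.
import struct

HASH_NAMES = {0: "none", 1: "md5", 2: "sha1", 3: "sha224",
              4: "sha256", 5: "sha384", 6: "sha512"}
SIG_NAMES = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}
MUST_NOT_HASHES = {"md5", "sha1"}  # policy this example audits against


def parse_signature_algorithms(body: bytes):
    """Parse extension_data of signature_algorithms.

    Layout: uint16 list length, then 2-byte (hash, signature) pairs.
    Malformed input raises ValueError instead of being silently skipped.
    """
    if len(body) < 2:
        raise ValueError("truncated list length")
    (list_len,) = struct.unpack("!H", body[:2])
    if list_len % 2 or list_len != len(body) - 2:
        raise ValueError("list length does not match body")
    pairs = []
    for off in range(2, 2 + list_len, 2):
        h, s = body[off], body[off + 1]
        pairs.append((HASH_NAMES.get(h, f"hash{h}"),
                      SIG_NAMES.get(s, f"sig{s}")))
    return pairs


def audit(body: bytes):
    """Return (all offered pairs, pairs that violate the MUST NOT policy)."""
    pairs = parse_signature_algorithms(body)
    flagged = [p for p in pairs if p[0] in MUST_NOT_HASHES]
    return pairs, flagged


# Constructed sample body: sha256/rsa, sha1/rsa, md5/rsa, sha384/ecdsa
SAMPLE = bytes([0x00, 0x08, 0x04, 0x01, 0x02, 0x01, 0x01, 0x01, 0x05, 0x03])

if __name__ == "__main__":
    offered, bad = audit(SAMPLE)
    print("offered:", offered)
    print("violates MUST NOT:", bad)
```

The extension body is the part after the 2-byte extension type and 2-byte extension length of the ClientHello; feed it the bytes from a capture to audit a real client.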