Re: [TLS] Kathleen Moriarty's Yes on draft-ietf-tls-rfc4492bis-15: (with COMMENT)

Yoav Nir <> Tue, 14 March 2017 22:05 UTC

From: Yoav Nir <>
Date: Wed, 15 Mar 2017 00:05:26 +0200
Cc: Kathleen Moriarty <>, "" <>, tls-chairs <>, The IESG <>,
To: Martin Thomson <>

> On 14 Mar 2017, at 23:29, Martin Thomson <> wrote:
> On 15 March 2017 at 08:26, Yoav Nir <> wrote:
>> That is the document that was referenced by RFC 4492 and it’s from 1998. It
>> doesn’t mention any hash function other than SHA-1.
>> RFC 4492 said that other hash functions may be used. We’ve upgraded it to a
> In light of recent developments, is there any reason we couldn't
> further upgrade this advice?

It might be better to rephrase the whole thing and eliminate the thing about a default. X9.62 was revised in 2005. This newer version does mention the SHA-2 family in addition to SHA-1, so I don’t know if that is in any sense of the word still “the default”. I’d look it up, but as an ANSI standard, it’s behind a paywall.

We might just say:

   All ECDSA computations MUST be performed according to ANSI X9.62 or
   its successors.  Data to be signed/verified is hashed, and the result
   run directly through the ECDSA algorithm with no additional hashing.
   The default hash function is SHA-1 [FIPS.180-2], and sha_size (see
   Section 5.4 and Section 5.8) is 20.  However, an alternative hash
   function, such as one of the new SHA hash functions specified in FIPS
   180-2 [FIPS.180-2], SHOULD be used instead.

   All ECDSA computations MUST be performed according to ANSI X9.62 or
   its successors.  Data to be signed/verified is hashed, and the result
   run directly through the ECDSA algorithm with no additional hashing.
   A secure hash function such as the SHA-256, SHA-384, and SHA-512
   [FIPS.180-4] MUST be used.
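The sentence both versions of the text share, "data to be signed/verified is hashed, and the result run directly through the ECDSA algorithm with no additional hashing", is the interoperability-critical part. The example below is added here to illustrate it; it is not from the email, from RFC 4492bis, or from any TLS implementation. It is a small pure-Python ECDSA over P-256 (curve constants as published in FIPS 186 / SEC 2; the P-256 choice and the sample message are the example's own assumptions) that signs and verifies with a digest supplied by the caller, then shows what happens when the digest is hashed a second time, when the two sides disagree on the hash, and when a digest longer than the group order (SHA-384 on P-256) is truncated as X9.62 and FIPS 186 prescribe. It is for illustration only: non-constant-time arithmetic and no input validation beyond the basics, so not for production use.

```python
"""Illustrative ECDSA over P-256 showing 'hash once, then ECDSA, no extra hashing'.
Added example; not code from the thread or from RFC 4492bis. Not production code."""
import hashlib
import secrets

# P-256 domain parameters (FIPS 186 / SEC 2). p is computed from its generalized
# Mersenne form rather than copied as hex.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

# sha_size values as the draft uses the term: digest length in octets.
SHA_SIZE = {"sha1": 20, "sha256": 32, "sha384": 48, "sha512": 64}


def on_curve(pt):
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def _add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None  # p1 == -p2
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P  # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def _mul(k, pt):
    """Double-and-add scalar multiplication (not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        k >>= 1
    return acc


def truncate_hash(digest):
    """X9.62 / FIPS 186 rule: use the leftmost min(bitlen(n), 8*len(digest)) bits."""
    e = int.from_bytes(digest, "big")
    excess = 8 * len(digest) - N.bit_length()
    return e >> excess if excess > 0 else e


def keygen():
    d = secrets.randbelow(N - 1) + 1
    return d, _mul(d, G)


def sign_prehashed(d, digest):
    """Caller has already hashed the data once; ECDSA adds no hashing of its own."""
    e = truncate_hash(digest)
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = _mul(k, G)[0] % N
        s = pow(k, -1, N) * (e + r * d) % N
        if r and s:
            return (r, s)


def verify_prehashed(q, digest, sig):
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    e = truncate_hash(digest)
    w = pow(s, -1, N)
    pt = _add(_mul(e * w % N, G), _mul(r * w % N, q))
    return pt is not None and pt[0] % N == r


def sign(d, data, hash_name="sha256"):
    return sign_prehashed(d, hashlib.new(hash_name, data).digest())


def verify(q, data, sig, hash_name="sha256"):
    return verify_prehashed(q, hashlib.new(hash_name, data).digest(), sig)


def demo():
    """Runs the four cases the text implies and returns their outcomes."""
    d, q = keygen()
    data = b"constructed sample: ECDH params to be signed"  # constructed input
    out = {}
    sig = sign(d, data, "sha256")
    out["hash_then_sign_verifies"] = verify(q, data, sig, "sha256")
    digest = hashlib.sha256(data).digest()
    # Caller-supplied digest and hash-inside-sign interoperate only because
    # neither side hashes twice.
    out["prehashed_interop"] = verify(q, data, sign_prehashed(d, digest), "sha256")
    # Hashing the digest again before ECDSA is the "additional hashing" the text forbids.
    out["double_hash_rejected"] = verify_prehashed(q, hashlib.sha256(digest).digest(), sig)
    # Both peers must use the same hash; SHA-1 on a SHA-256 signature fails.
    out["wrong_hash_rejected"] = verify(q, data, sig, "sha1")
    # 384-bit digest on a 256-bit group: leftmost 256 bits are used on both sides.
    out["sha384_on_p256"] = verify(q, data, sign(d, data, "sha384"), "sha384")
    return out


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

`truncate_hash` is where the hash-length question in the thread shows up concretely: any digest no longer than the group order is used whole, and a longer one is cut to the leftmost bits of the order's bit length, so SHA-384 and SHA-512 work with P-256 as long as both sides follow the same rule.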