Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signature algorithms
Peter Gutmann <pgut001@cs.auckland.ac.nz> Tue, 12 January 2016 14:14 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1514F1B2A43 for <tls@ietfa.amsl.com>; Tue, 12 Jan 2016 06:14:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WlhQqDcAgomj for <tls@ietfa.amsl.com>; Tue, 12 Jan 2016 06:14:21 -0800 (PST)
Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz [130.216.125.248]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AFC351B2A42 for <tls@ietf.org>; Tue, 12 Jan 2016 06:14:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1452608060; x=1484144060; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=/YPxi2gDOnNP8hqR+ljWK/CGnS6Nl6qe6L2xjzscVCs=; b=ZHxnLZ5qTgMoik/VrmxQJF4biSmGSrNr6rcmMMhgs8y6lYcinqtIMx1/ nWLsw+xwiVq7TbScZ3qOR8b6qZzCL2BCy+03GX6JSZBSDfS6uxc836sX9 KCOS9chUHebSSo+l8l78ck+EyyAdrksgaxXTzXn9xWCZ093a3tUwYEBDf L7fhLW4nKskJNZEdCTTz4Mt3/mLsE8nxAlfMHPkKofA7vYVx5eXk+hGZF CqsBxQbFWZ6CMJrpeIwAL7LVRPjIJ5Zcyt74J+sdIyO1bzghJsJHaHJlw xTaW8mYHXK7jc7dk+3pivZUHPKCqr3AyyZ21EiRg812aFEmRjk4wI7umD w==;
X-IronPort-AV: E=Sophos;i="5.20,557,1444647600"; d="scan'208";a="62783791"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 130.216.4.106 - Outgoing - Outgoing
Received: from exchangemx.uoa.auckland.ac.nz (HELO uxchange10-fe2.UoA.auckland.ac.nz) ([130.216.4.106]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 13 Jan 2016 03:14:19 +1300
Received: from UXCN10-5.UoA.auckland.ac.nz ([169.254.5.153]) by uxchange10-fe2.UoA.auckland.ac.nz ([130.216.4.106]) with mapi id 14.03.0266.001; Wed, 13 Jan 2016 03:14:19 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>, "mrex@sap.com" <mrex@sap.com>
Thread-Topic: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signature algorithms
Thread-Index: AQHRTJ4of0rzW9uDJ0Olh4pPg5BcoZ728Kke//8nk4CAAO29gIAABw4AgADgoM4=
Date: Tue, 12 Jan 2016 14:14:18 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C73F4BC6877@uxcn10-5.UoA.auckland.ac.nz>
References: <20160112132431.237AA1A3E4@ld9781.wdf.sap.corp>, <C735F785-F38B-4620-B78F-5D5C57FAA36D@gmail.com>
In-Reply-To: <C735F785-F38B-4620-B78F-5D5C57FAA36D@gmail.com>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/RDM4tuZoDM_8JxRxYZOn8Jvpusw>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signature algorithms
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Jan 2016 14:14:22 -0000
Karthikeyan Bhargavan <karthik.bhargavan@gmail.com> writes: >Coming back to digital signatures, all uses of weak hash functions are >essentially broken. Not necessarily. Use of weak hash functions where the attacker has time to do offline precomputations/calculations are essentially broken. I'm not saying "keep on using MD5", but unless your attacker can find collisions in real time you're still OK while you take time to switch to SHA-2 or whatever. Peter.
- Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signa… David Benjamin
- [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signature… Kurt Roeckx
- Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signa… Peter Gutmann
- Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signa… Tony Arcieri
- Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signa… David Benjamin
- Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signa… Peter Gutmann
- Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signa… Yuhong Bao
- Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signa… Andrei Popov
- Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signa… Viktor Dukhovni
- Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signa… Andrei Popov
- Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signa… Watson Ladd
- Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signa… Martin Thomson
- Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signa… Andrei Popov
- Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signa… Bill Frantz
- Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signa… Samuel Neves
- Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signa… Peter Gutmann
- Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signa… Watson Ladd
- Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signa… Peter Gutmann
- [TLS] MD5 diediedie (was Re: Deprecating TLS 1.0,… Dave Garrett
- Re: [TLS] MD5 diediedie (was Re: Deprecating TLS … Yuhong Bao
- Re: [TLS] MD5 diediedie (was Re: Deprecating TLS … Loganaden Velvindron
- Re: [TLS] MD5 diediedie (was Re: Deprecating TLS … Viktor Dukhovni
- Re: [TLS] MD5 diediedie (was Re: Deprecating TLS … Dave Garrett
- Re: [TLS] MD5 diediedie (was Re: Deprecating TLS … Tony Arcieri
- Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signa… Karthikeyan Bhargavan
- Re: [TLS] MD5 diediedie (was Re: Deprecating TLS … Stephen Farrell
- Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signa… Martin Rex
- Re: [TLS] MD5 diediedie (was Re: Deprecating TLS … Hubert Kario
- Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signa… Karthikeyan Bhargavan
- Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signa… Hubert Kario
- Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signa… Peter Gutmann
- Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signa… Hubert Kario
- Re: [TLS] MD5 diediedie (was Re: Deprecating TLS … Dave Garrett