Re: [TLS] Kathleen Moriarty's Yes on draft-ietf-tls-rfc4492bis-15: (with COMMENT)

Yoav Nir <> Tue, 14 March 2017 21:26 UTC

Hi, Kathleen.  See inline.

> On 14 Mar 2017, at 22:40, Kathleen Moriarty <> wrote:
> Kathleen Moriarty has entered the following ballot position for
> draft-ietf-tls-rfc4492bis-15: Yes
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> Please refer to
> for more information about IESG DISCUSS and COMMENT positions.
> The document, along with other ballot positions, can be found here:
> ----------------------------------------------------------------------
> ----------------------------------------------------------------------
> Thanks for your work on this draft.  I just have one question:
> In section 5.10, I see the following text:
>   The default hash function is SHA-1 [FIPS.180-2], and sha_size (see
>   Section 5.4 and Section 5.8) is 20.  However, an alternative hash
>   function, such as one of the new SHA hash functions specified in
>   180-2 [FIPS.180-2], SHOULD be used instead.

If we add the three lines before the ones you quoted, they say this:
   All ECDSA computations MUST be performed according to ANSI X9.62 or
   its successors.  Data to be signed/verified is hashed, and the result
   run directly through the ECDSA algorithm with no additional hashing.

The default of using SHA-1 is from X9.62: <>
That is the document that was referenced by RFC 4492 and it’s from 1998. It doesn’t mention any hash function other than SHA-1.

RFC 4492 said that other hash functions may be used. We’ve upgraded it to a SHOULD.

> Why are you setting the default to SHA-1 and then recommending that
> something else should be used?  Why not just start with a different SHA
> hash function as the default or at least for TLS 1.2?  I do see the prior
> text about TLS 1.0 and 1.1 using MD5 and SHA-1, but most have recommended
> to go right to TLS 1.2 with the SSLv3 deprecation.  As such, I'm not
> clear on why the SHA-1 default.
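As an added illustration of the draft text quoted in this reply (not code from the thread, the draft, or any TLS implementation): the data is hashed with the chosen function and the digest is run straight through ECDSA with no further hashing, so sha_size is simply the digest length (20 for the SHA-1 default), and a verifier that assumes the SHA-1 default while the signer used SHA-256 rejects the signature. Function names and the sample data are constructed for this example.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	_ "crypto/sha1"   // registers SHA-1 with crypto.Hash
	_ "crypto/sha256" // registers SHA-256 with crypto.Hash
	"fmt"
)

// The rfc4492bis default: SHA-1, whose digest length gives sha_size = 20.
const defaultHash = crypto.SHA1

// shaSize is the draft's sha_size for a hash choice: the digest length in bytes.
func shaSize(h crypto.Hash) int { return h.Size() }

// signWithHash hashes data with h and passes the digest directly to ECDSA,
// which is exactly what the quoted draft text requires (no additional hashing).
func signWithHash(priv *ecdsa.PrivateKey, h crypto.Hash, data []byte) ([]byte, error) {
	hw := h.New()
	hw.Write(data)
	digest := hw.Sum(nil) // len(digest) == shaSize(h)
	return ecdsa.SignASN1(rand.Reader, priv, digest)
}

// verifyWithHash recomputes the digest with h and verifies the signature over it.
func verifyWithHash(pub *ecdsa.PublicKey, h crypto.Hash, data, sig []byte) bool {
	hw := h.New()
	hw.Write(data)
	return ecdsa.VerifyASN1(pub, hw.Sum(nil), sig)
}

// demo signs constructed data with SHA-256 and reports (a) verification with the
// same hash and (b) verification by a peer that wrongly assumed the SHA-1 default.
func demo() (okSameHash, okMismatch bool, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, false, err
	}
	data := []byte("constructed sample: bytes a TLS 1.2 server would sign") // constructed
	sig, err := signWithHash(priv, crypto.SHA256, data)
	if err != nil {
		return false, false, err
	}
	okSameHash = verifyWithHash(&priv.PublicKey, crypto.SHA256, data, sig)
	okMismatch = verifyWithHash(&priv.PublicKey, defaultHash, data, sig)
	return okSameHash, okMismatch, nil
}

func main() {
	ok, mismatch, err := demo()
	fmt.Println("sha_size SHA-1:", shaSize(defaultHash), "SHA-256:", shaSize(crypto.SHA256))
	fmt.Println("same hash verifies:", ok, "SHA-1 default verifies:", mismatch, "err:", err)
}
```

Because both sides must agree on the hash, TLS 1.2 carries that choice explicitly in the signature_algorithms extension rather than relying on the default.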