Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signature algorithms
Watson Ladd <watsonbladd@gmail.com> Tue, 12 January 2016 02:03 UTC

On Mon, Jan 11, 2016 at 6:01 PM, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:
> Watson Ladd <watsonbladd@gmail.com> writes:
>
>>Do the RFCs require the relevant checks or not?
>
> No, they just specify the algorithms and bits on the wire (with a side-order
> of MTI stuff for interoperability). It's up to implementers to not do stupid
> things.
>
>>That's because real cryptographers understand that this is only 64 times
>>better than SHA1, and so don't bother to mention it.
>
> If it's so trivial to compromise then why, of all the many, many papers
> attacking TLS, has no-one ever published an attack based on this? In fact,
> since it's so easy, perhaps you could publish a paper demonstrating it in
> practice?

SHA-1 collisions have not yet been found. Marc Stevens has published
algorithms he claims reduce the complexity of finding these collisions
to feasible amounts, but they have not yet been run. However,
free-start collisions have been found, as have ways to modify
constants in the SHA-1 IV to get collisions.

>
> Peter.

--
"Man is born free, but everywhere he is in chains".
--Rousseau.