[TLS] Re: Mail regarding draft-ietf-tls-mldsa - Small Editorial items
"Appel, Ryan" <ryan.appel@bofa.com> Tue, 27 May 2025 13:37 UTC
Return-Path: <ryan.appel@bofa.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id E3E8A2D51A6E; Tue, 27 May 2025 06:37:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -4.393
X-Spam-Level:
X-Spam-Status: No, score=-4.393 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=bofa.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GKtTAwWrhkZs; Tue, 27 May 2025 06:37:11 -0700 (PDT)
Received: from bankofamerica.com (rdnemail.bankofamerica.com [171.161.147.155]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 411842D51A66; Tue, 27 May 2025 06:37:10 -0700 (PDT)
Received: from txdmzmailmx07.bankofamerica.com ([171.180.168.234]) by lrdna0mzxepmx04.bankofamerica.com (8.17.1/8.17.1) with ESMTPS id 54RDb9YQ043707 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Tue, 27 May 2025 13:37:09 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bofa.com; s=corp2202; t=1748353029; bh=Au0UlXu4WcqrEHmmBDfdAHyFVBVOx+1wsU1RaDAoPO0=; h=Date:From:Subject:In-reply-to:To:Cc:References; b=jd1FbxyTCbPcnchpCvdAXA4MyXc1IN1MVQPJBbh4izKApL5SvcEY9aiJWdk0udIrU cknx9P7w6rj0WdhCHaB3FHpOjL1ji2rj12sgA2wg27bQoMgO+bjjY9E+xkWZBPDtF0 fnSXIKVel8AKtb4kBM1nebgIYIfaY1OOw7ZqPYFxJd8F5yoVvaHPV1UQdETQNe2D8H ox90zYRIo6PrxWFyOX7t8i2NLHw346ph/15keWwhPG3MXz0n7dYgcM7dz1aNBYx+Mm KewB0tuIh/6tCvZD8sNDwm40lZ1Fbvk9nWwc/xJoEBlC2vy857spwqonK2neQS2G8u oB1NfRjo35NpQ==
Received: from ltwppra02.sdi.corp.bankofamerica.com (ltwppra02.sdi.corp.bankofamerica.com [30.102.120.36]) by txdmzmailmx07.bankofamerica.com (8.17.1/8.17.1) with ESMTPS id 54RDb9iV030187 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NO); Tue, 27 May 2025 13:37:09 GMT
Received: from pps.filterd (ltwppra02.sdi.corp.bankofamerica.com [127.0.0.1]) by ltwppra02.sdi.corp.bankofamerica.com (8.18.1.2/8.18.1.2) with ESMTP id 54RD22F6012796; Tue, 27 May 2025 13:37:08 GMT
Received: from ahp-cmta-rdn-01.sdi.corp.bankofamerica.com (ahp-cmta-rdn-01.sdi.corp.bankofamerica.com [30.28.248.18]) by ltwppra02.sdi.corp.bankofamerica.com (PPS) with ESMTPS id 46u4dtm1km-7 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT); Tue, 27 May 2025 13:37:08 +0000
Date: Tue, 27 May 2025 13:37:05 +0000
From: "Appel, Ryan" <ryan.appel@bofa.com>
In-reply-to: <CAMjbhoXRH_-c5bXArf7Z6Wj0P5h_vhggEqFD7ZWPKj6BXnHr2w@mail.gmail.com>
X-Originating-IP: [30.84.199.78]
To: Bas Westerbaan <bas=40cloudflare.com@dmarc.ietf.org>, "hkario@redhat.com" <hkario@redhat.com>
Message-id: <bac8f23b13c84563bc25a684202fb5a1@bofa.com>
MIME-version: 1.0
Content-type: multipart/alternative; boundary="Boundary_(ID_9PX6IyuyRZySothfREOHBG)"
Content-language: en-US
X-MS-Has-Attach:
Accept-Language: en-US
Thread-topic: [TLS] Re: Mail regarding draft-ietf-tls-mldsa - Small Editorial items
Thread-index: AdvMKLTOAIvoMHEDTBq0qghkieKSxwDAftyAAAgKknA=
X-MS-TNEF-Correlator:
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0Jhbmsgb2YgQW1lcmljYSIsImlkIjoiZWFkNDlkY2QtMDU0Ni00MTA3LWE4ZDktZDQwZGQxYTg2YmFlIiwicHJvcHMiOlt7Im4iOiJDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiUHVibGljIn1dfSx7Im4iOiJFbmNyeXB0aW9uWWVzIiwidmFscyI6W119LHsibiI6IkVuY3J5cHRpb25ObyIsInZhbHMiOltdfSx7Im4iOiJDb25maWRlbnRpYWxUeXBlIiwidmFscyI6W119XX0sIlN1YmplY3RMYWJlbHMiOltdLCJUTUNWZXJzaW9uIjoiMTguOC4xOTQ4LjIiLCJUcnVzdGVkTGFiZWxIYXNoIjoiSGJ6djBhcHQ3ZjR0dDZQd0xUYkRVR1JNblc1NEVoNjhLR1lXcWJ4UnBlZmVZVGpKR3lKaXZIR3QreGtJV1Q2aiJ9
x-bac-client-sensitivity: X2
x-tm-snts-smtp: 3D000EBAFF9C96826AAE8F6C98BA778903F06A9A32F25F65253EC558908808A02000:8
References: <9dd756034dd942abaaf302ef594d493d@bofa.com> <CAMjbhoXRH_-c5bXArf7Z6Wj0P5h_vhggEqFD7ZWPKj6BXnHr2w@mail.gmail.com>
X-Proofpoint-ORIG-GUID: LQiXgIq841S_3Mx18LUtt-mgM9VQXM4V
X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNTI3MDExMCBTYWx0ZWRfX9BUcq3DF+tzh WpOshfH9xWZBJxlkOjLhoHCvdSKONIh9FokeeV6FXH4cizde6STsPCXgP6lyPfFB3RDAlRhQkFF /HGACua4vTD2hviak5ihcddR0dZ6dSJ3YoI6Fxx99hy19zl4wy9GgooNuA9cJvmnADu/9ZXpq2G IwdEhTaMaCkUUJDncagQiz8Cvs0Tf24IUp0xfaNm81bhLBBqW97wlEuTEc+40U8VGOtu+7dgKct oTtnHyHXlApzv8v6W1oIkddIWJNgs9ufoqWybom4vDyzgb0C2+Nw==
X-Proofpoint-GUID: LQiXgIq841S_3Mx18LUtt-mgM9VQXM4V
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.0.736,FMLib:17.12.80.40 definitions=2025-05-27_06,2025-05-27_01,2025-03-28_01
Message-ID-Hash: D2H2LLFYWLOPJYNWCM2WWIUEOI54RLBP
X-Message-ID-Hash: D2H2LLFYWLOPJYNWCM2WWIUEOI54RLBP
X-MailFrom: ryan.appel@bofa.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "tls@ietf.org" <tls@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: Mail regarding draft-ietf-tls-mldsa - Small Editorial items
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/X6s8Nhz2SAIOFddrRwytrdROwFI>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
Hello Bas, Yes it does. Very much so. Thank you. I read through the pull and Alicja’s comments. I agree that Signature Scheme cannot be used cannot be used in TLS versions below TLS 1.3, however the text does say “ A peer that receives ServerKeyExchange or CertificateVerify message in a TLS 1.2…” My suggested text was just to clarify that for these message types in TLS 1.2 (or below) combined with the use of any of these schemes would require the illegal_parameter abort for a compliant TLS 1.3 implementation if received. ServerKeyExchange was dropped in TLS 1.3 but was present in TLS 1.2 and below and CertificateVerify is obviously present in TLS 1.2 and TLS 1.3. I think you’ve covered both my comments and Alicja’s by leaving one TLS 1.2 and below, and leaving one as just TLS 1.2. This satisfies the general case by saying that they must not be used in TLS 1.2 or below, but acknowledging the deprecation of TLS 1.1 and below by explicitly giving guidance for messages received from a TLS 1.2 implementation that may incidentally send these schemes in their messages. Thank you very much, Ryan Appel ---------------------------------------------------------------------- This message, and any attachment(s), is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/electronic-disclaimer. If you are not the intended recipient, please delete this message. For more information about how Bank of America protects your privacy, including specific rights that may apply, please visit the following pages: https://business.bofa.com/en-us/content/global-privacy-notices.html (which includes global privacy notices) and https://www.bankofamerica.com/security-center/privacy-overview/ (which includes US State specific privacy notices such as the http://www.bankofamerica.com/ccpa-notice)
- [TLS] Mail regarding draft-ietf-tls-mldsa - Small… Appel, Ryan
- [TLS] Re: Mail regarding draft-ietf-tls-mldsa - S… Bas Westerbaan
- [TLS] Re: Mail regarding draft-ietf-tls-mldsa - S… Appel, Ryan