[TLS] Protocol Action: 'Deprecating MD5 and SHA-1 signature hashes in (D)TLS 1.2' to Proposed Standard (draft-ietf-tls-md5-sha1-deprecate-09.txt)
The IESG <iesg-secretary@ietf.org> Mon, 27 September 2021 20:32 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: tls@ietf.org
Delivered-To: tls@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 2653B3A1942; Mon, 27 Sep 2021 13:32:32 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 7.38.0
Auto-Submitted: auto-generated
Precedence: bulk
Cc: The IESG <iesg@ietf.org>, draft-ietf-tls-md5-sha1-deprecate@ietf.org, loganaden@gmail.com, rdd@cert.org, rfc-editor@rfc-editor.org, sean@sn3rd.com, tls-chairs@ietf.org, tls@ietf.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-ID: <163277475210.19293.13604872368684686986@ietfa.amsl.com>
Date: Mon, 27 Sep 2021 13:32:32 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/XnHyVOIuBAZAQOhVEkgm5Y2jQCY>
Subject: [TLS] Protocol Action: 'Deprecating MD5 and SHA-1 signature hashes in (D)TLS 1.2' to Proposed Standard (draft-ietf-tls-md5-sha1-deprecate-09.txt)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Sep 2021 20:32:33 -0000
The IESG has approved the following document: - 'Deprecating MD5 and SHA-1 signature hashes in (D)TLS 1.2' (draft-ietf-tls-md5-sha1-deprecate-09.txt) as Proposed Standard This document is the product of the Transport Layer Security Working Group. The IESG contact persons are Benjamin Kaduk and Roman Danyliw. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-tls-md5-sha1-deprecate/ Technical Summary The MD5 and SHA-1 hashing algorithms are increasingly vulnerable to attack and this document deprecates their use in TLS 1.2 digital signatures. However, this document does not deprecate SHA-1 in HMAC for record protection. This document updates RFC 5246. Working Group Summary * There is strong support in the working group for this document. Primary items during WGLC was around the consistency of the normative language. * Discussion from AD Review and IETC LC saw the streamlining of the update guidance to RFC5246 and dropping an formal update to RFC7525 (as it is being revised). Document Quality * There was review from the WG, comments from the IETF LC and Directorates (in particular IoTDIR) were addressed. Personnel Document Shepherd = Sean Turner Responsible AD = Roman Danyliw