Re: [TLS] Deprecate SHA1 for signatures in TLS 1.3 (was Re: TLS 1.3 draft-07 sneak peek)

Andrei Popov <Andrei.Popov@microsoft.com> Mon, 13 July 2015 22:31 UTC

From: Andrei Popov <Andrei.Popov@microsoft.com>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Deprecate SHA1 for signatures in TLS 1.3 (was Re: TLS 1.3 draft-07 sneak peek)
Date: Mon, 13 Jul 2015 22:31:16 +0000
Message-ID: <BLUPR03MB1396A5E9F837D1806D5DDBA68C9C0@BLUPR03MB1396.namprd03.prod.outlook.com>
References: <CALuAYvbteowTeyWe9VneRHgyvzTRS3LfKdorWt=jmEy2k+wNqw@mail.gmail.com> <201507111709.27725.davemgarrett@gmail.com> <CABcZeBNCBrNeMKm5hCLQ741zFRpcXQ321onofH2EWJbiQrSs6w@mail.gmail.com> <201507111929.02696.davemgarrett@gmail.com> <BLUPR03MB13965B49B433823B6A04B3088C9C0@BLUPR03MB1396.namprd03.prod.outlook.com> <20150713044104.GK28047@mournblade.imrryr.org> <BLUPR03MB1396DF5184A7E3DFAF3F11028C9C0@BLUPR03MB1396.namprd03.prod.outlook.com> <20150713180153.GO28047@mournblade.imrryr.org> <BLUPR03MB1396BC8D279F74007EE288CE8C9C0@BLUPR03MB1396.namprd03.prod.outlook.com> <20150713220819.GQ28047@mournblade.imrryr.org>
In-Reply-To: <20150713220819.GQ28047@mournblade.imrryr.org>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/a_9P15MzngfBnu50l6DPdo8GChU>
Subject: Re: [TLS] Deprecate SHA1 for signatures in TLS 1.3 (was Re: TLS 1.3 draft-07 sneak peek)
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>

> This does not work when new algorithms are introduced, since you can't advertise algorithms you don't know exist.
When old algorithms are deprecated and new algorithms replace them in actual deployments (a very slow process), an opportunistic client would need to be updated, just like a normal server-authenticating client does. Except for the opportunistic client this update would be rather trivial.

Alternatively, can an opportunistic client explicitly negotiate anonymous connections?

-----Original Message-----
From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Viktor Dukhovni
Sent: Monday, July 13, 2015 3:08 PM
To: tls@ietf.org
Subject: Re: [TLS] Deprecate SHA1 for signatures in TLS 1.3 (was Re: TLS 1.3 draft-07 sneak peek)

On Mon, Jul 13, 2015 at 07:45:30PM +0000, Andrei Popov wrote:

> Would it make sense for an opportunistic client to advertise all 
> algorithms commonly supported in the server certs? After all, there 
> are relatively few signature/hash pairs in use, and they are changing 
> very slowly over time.

This does not work when new algorithms are introduced, since you can't advertise algorithms you don't know exist.

-- 
	Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
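An added example, not part of this thread and not code from any of the participants, to make the structure under discussion concrete: a small Python encoder/decoder for the TLS 1.2 signature_algorithms extension list (code points taken from RFC 5246, section 7.4.1.4.1) and a check of whether the pairs a client advertises cover the signature/hash pairs used in a server's certificate chain. It models both halves of the exchange above: a client that drops a deprecated pair such as sha1/rsa can no longer be shown a chain signed with it, and a decoder meeting a code point that did not exist when it was written can only report a number, not a name. All sample lists and chains below are constructed.

```python
"""Encode/decode the TLS 1.2 signature_algorithms extension body and check
whether an advertised list covers a server chain's signature algorithms.
Code points are from RFC 5246 section 7.4.1.4.1; everything else here is
illustrative and assumed."""
import struct

# RFC 5246 HashAlgorithm and SignatureAlgorithm code points.
HASH = {"none": 0, "md5": 1, "sha1": 2, "sha224": 3,
        "sha256": 4, "sha384": 5, "sha512": 6}
SIG = {"anonymous": 0, "rsa": 1, "dsa": 2, "ecdsa": 3}
HASH_NAME = {v: k for k, v in HASH.items()}
SIG_NAME = {v: k for k, v in SIG.items()}


def encode_signature_algorithms(pairs):
    """Serialize [(hash_name, sig_name), ...] as
    supported_signature_algorithms<2..2^16-2>: a 2-byte length followed
    by one (hash, signature) byte pair per entry."""
    body = b"".join(struct.pack("!BB", HASH[h], SIG[s]) for h, s in pairs)
    if not 2 <= len(body) <= 0xFFFE:
        raise ValueError("list length out of range")
    return struct.pack("!H", len(body)) + body


def decode_signature_algorithms(data):
    """Parse the extension body back into a list of pairs.
    Known code points come back as names; a code point this decoder does
    not know (an algorithm introduced after it was written) is returned as
    the raw integer, which is all an old client can do with it."""
    if len(data) < 2:
        raise ValueError("truncated length field")
    (n,) = struct.unpack("!H", data[:2])
    body = data[2:2 + n]
    if len(body) != n or n < 2 or n % 2:
        raise ValueError("malformed supported_signature_algorithms")
    pairs = []
    for i in range(0, n, 2):
        h, s = body[i], body[i + 1]
        pairs.append((HASH_NAME.get(h, h), SIG_NAME.get(s, s)))
    return pairs


def chain_is_presentable(advertised, chain_algorithms):
    """Return (ok, missing): whether every (hash, sig) pair used to sign the
    server's chain appears in the client's advertised list, and which ones
    do not. A pair the client never listed, whether because it deprecated
    it or because it never knew of it, makes the chain unusable."""
    adv = set(advertised)
    missing = [a for a in chain_algorithms if a not in adv]
    return (not missing, missing)


if __name__ == "__main__":
    # Constructed sample: a client that has dropped sha1/rsa, and a chain
    # whose intermediate is still SHA-1 signed.
    client_list = [("sha256", "rsa"), ("sha384", "ecdsa")]
    wire = encode_signature_algorithms(client_list)
    print("wire bytes:", wire.hex())
    print("decoded:", decode_signature_algorithms(wire))
    ok, missing = chain_is_presentable(
        client_list, [("sha256", "rsa"), ("sha1", "rsa")])
    print("chain presentable:", ok, "missing:", missing)
```

The round trip through the wire format is the part that matters for the "advertise everything commonly used" idea: the advertised set is a fixed list of bytes chosen when the client ships, so a pair that is not in `HASH`/`SIG` at that time cannot be on the wire, and `decode_signature_algorithms` can only surface it as an integer.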