Re: [TLS] 3GPP forbids support of MD5, SHA-1, non-AEAD, and non-PFS in TLS
Tony Rutkowski <rutkowski.tony@gmail.com> Sun, 08 March 2020 16:36 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/bqt6TOrbqm__93lqaysXGrAZ1j8>

Stephen,

It is not false. It is simply largely unknown because of subsequent IETF related narratives that choose to omit the history. The documents are available online - although portions remain classified. A request is pending for their declassification and release. You can find some of the details in the links in this article.

http://www.circleid.com/posts/20190124_creating_tls_the_pioneering_role_of_ruth_nelson/

Ruth Nelson - who led some of the important components - appeared at last October's NSA Crypto History Symposium. She filled in some of the details and the work was recognized by those there. Whit was also there and gave a great presentation.

Unfortunately, women in this field seem not to get the credit they deserve.

--tony

On 2020-03-08 10:56 AM, Stephen Farrell wrote:
>
> On 08/03/2020 14:46, Tony Rutkowski wrote:
>> TLS in particular has a history going back to 1986 when the platform was
>> first announced by the USG and the TLS specification was instantiated
>> initially in the GOSIP standards and then in ITU/ISO standards.
> That's false. I've seen it repeated a few times but it
> remains false. Mostly, this falsehood seems to be repeated
> in tandem with efforts one could interpret as attempts
> to create FUD about Internet related security.
>
> TLS started in the IETF as a compromise between Netscape
> and Microsoft proposals for how to secure HTTP.
>
> X.509 started as part of X.400, then X.500 and is used by
> TLS. Today, I would bet almost all implementers never need
> to look beyond RFC5280 for X.509. And I hope it stays that
> way until we somehow figure out how to retire X.509.
>
> S.