Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1.1"

"Martin Thomson" <mt@lowentropy.net> Mon, 06 May 2019 04:18 UTC

Return-Path: <mt@lowentropy.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B6EA120088 for <tls@ietfa.amsl.com>; Sun, 5 May 2019 21:18:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=G+J0xydG; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=1ILtFIoV
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1qyTiPLwvPtq for <tls@ietfa.amsl.com>; Sun, 5 May 2019 21:18:03 -0700 (PDT)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C3D4C120075 for <tls@ietf.org>; Sun, 5 May 2019 21:18:02 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 155C626238 for <tls@ietf.org>; Mon, 6 May 2019 00:18:02 -0400 (EDT)
Received: from imap2 ([10.202.2.52]) by compute1.internal (MEProxy); Mon, 06 May 2019 00:18:02 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm2; bh=PmhiZge4D4qcUSxG4KSQzMVuCilSZQO 2WJ03yrUKfeU=; b=G+J0xydGmnc4QezyzmYjcXISCShc33o53uz2DXy7KWOmBA8 D4d33hl82uHJ8ahRiv/ChDvUTq+Jbr1LBnlYiIw+SR1jYQh9pJL09O/M/FNmoP99 VaQlEqCwxH2U/beenTJE6E2MzFv4hpzDUz8OTmFpZV4Tr3oso9r7rMOj59q48WKX HrGxsJPiXJJeTeNNPQsgOPhC9nNauSILi0t9WiHMej3rwZ4QDU6HSvfL8dqcJMcL laQhAR8LCVBcje3hbeX7Fa+yqTxeaZ6o/M8khGHnb4yGuSGbhaTYGW5Lnv4njknh gBdoAzsDjsz6mhF7Iv2AcsMO8rFM36Tt2WKdIRg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=PmhiZg e4D4qcUSxG4KSQzMVuCilSZQO2WJ03yrUKfeU=; b=1ILtFIoVsSZs6dDZkMTNpL l0uQj/sRkDIO9B1wbJp8wnfpINyMY21PUrbELECSdJn1nAup+Eel7tiNTyTpAxiV u+rVb9k9VzwCi+CtZm7+chC308AK3fGIIoHYkwO8otK6W2mkBL/T6Br6NtkAIYn1 8o5RlW5yNJMR3+xVc8WuId7gj3KZWcGx7aoU4XVB6UVQokKtLdmJL15GV/erpJ3r EMpEQzjAFum9cF6cbTZztp5/RLGqmnH6wzSmQ37NJDC7omG/pMvR6AV+MfMUNRIW q+vC0Dwv51AxFOqoFcAVV2MsyILbWqleRzoQjcdjfkZ/ynp8/88UD8GNdltGcxsA ==
X-ME-Sender: <xms:ebXPXBjP8oyQ9uWMiFXWuti1PJK4ZMGaXqH0yjC8wz7MJM2y_wo42w>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduuddrjeeigdekgecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesthdtre dtreertdenucfhrhhomhepfdforghrthhinhcuvfhhohhmshhonhdfuceomhhtsehlohif vghnthhrohhphidrnhgvtheqnecuffhomhgrihhnpehivghtfhdrohhrghenucfrrghrrg hmpehmrghilhhfrhhomhepmhhtsehlohifvghnthhrohhphidrnhgvthenucevlhhushht vghrufhiiigvpedt
X-ME-Proxy: <xmx:ebXPXO3KS2LJrW97wWXzuWEs_2lPGKdfhPXKUtlEYtagBX8ZP4xyGg> <xmx:ebXPXCYG5CgvZzRG0F92KLgF2hMPr7NnVcW6YwLYFAwqkwS7IMSSSw> <xmx:ebXPXLjG04Ct2tlTzueklBfKxsq8NNOoiRMPVZx53bset3EijSe3qw> <xmx:erXPXBDzop6QLJ9uDypmuij-QhcbVZKqP3vjf8Pr421rnITd_i5R_g>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 905067C6D9; Mon, 6 May 2019 00:18:01 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.6-449-gfb3fc5a-fmstable-20190430v1
Mime-Version: 1.0
Message-Id: <45f6682b-8a58-4547-80a5-8a42107d60a1@www.fastmail.com>
In-Reply-To: <CAHbuEH7y8gFrVjDPY2AFRH_QQQUtaB8-SqKAmgjcGO+ksM3UTw@mail.gmail.com>
References: <28511b10-8f6a-4394-95a9-5188130f7b58@www.fastmail.com> <7d37f7ca-e253-4c95-9cf7-2d16b0b6a0aa@www.fastmail.com> <20190430234952.21F5C404C@ld9781.wdf.sap.corp> <5441930.X76MtM1CnQ@pintsize.usersys.redhat.com> <1556902416424.28526@cs.auckland.ac.nz> <20190503172022.GH4464@akamai.com> <1556904629782.23087@cs.auckland.ac.nz> <CABcZeBNKgSFYg7gm-4ZibHSzDxO9qSjM5UGQXo81Rv7_r+m9gw@mail.gmail.com> <1F7FC950-358D-4D5C-963B-B7B837AE49DA@gmail.com> <CAHbuEH4Y6PJDhoHPnCkBgsAkOhvSTHFpew3V1d9iSQs_bknYSQ@mail.gmail.com> <1556937973484.34949@cs.auckland.ac.nz> <CAHbuEH7y8gFrVjDPY2AFRH_QQQUtaB8-SqKAmgjcGO+ksM3UTw@mail.gmail.com>
Date: Mon, 06 May 2019 00:18:00 -0400
From: "Martin Thomson" <mt@lowentropy.net>
To: tls@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/dM_ucRORjFpqsKZeS_i5s32r264>
Subject: Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1.1"
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 May 2019 04:18:04 -0000

On Sat, May 4, 2019, at 23:01, Kathleen Moriarty wrote:
> WG decision is appreciated on this point and proposed text for RFC 7525.
> 
> Proposed:   When using RSA, servers SHOULD authenticate using 
> certificates with
>    at least a 2048-bit modulus for the public key.  In addition, the use
>    of the SHA-256 hash algorithm is the minimum requirement, SHA-1 and 
> MD5 MUST not be used (see [CAB-Baseline 
> <https://tools.ietf.org/html/rfc7525#ref-CAB-Baseline>] for
>    more details).  Clients SHOULD indicate to servers that they request
>    SHA-256, by using the "Signature Algorithms" extension defined in
>    TLS 1.2.

Whether the chairs want this here or in a new thread, I fully endorse this.  I don't think that I can safely turn SHA-1 off today, but it's definitely on the list.  We don't even have code for MD5 in the stack any more, except for the weird paired hash thing in TLS <1.2.