Re: [TLS] progressing draft-ietf-tls-md5-sha1-deprecate

Sean Turner <sean@sn3rd.com> Fri, 03 September 2021 13:05 UTC

Return-Path: <sean@sn3rd.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9BC0C3A1DAC for <tls@ietfa.amsl.com>; Fri, 3 Sep 2021 06:05:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FGBsByB-mubV for <tls@ietfa.amsl.com>; Fri, 3 Sep 2021 06:05:38 -0700 (PDT)
Received: from mail-qk1-x735.google.com (mail-qk1-x735.google.com [IPv6:2607:f8b0:4864:20::735]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 44B3A3A1DDB for <tls@ietf.org>; Fri, 3 Sep 2021 06:05:38 -0700 (PDT)
Received: by mail-qk1-x735.google.com with SMTP id t190so5649349qke.7 for <tls@ietf.org>; Fri, 03 Sep 2021 06:05:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=W1U5BxcZ0meUmcWQoEYI0eV5tXamEqOO2kyqmaqVCM4=; b=nAJYGr63kEc2CxstWgoEEbahpWH0F8YMSY33oI+puktSnjbjfhJH82w/30zu+xTC60 nQ3Tf1rx33Hz406kTE0zK0r9p9xtSiul/t9KL4nw9U5aRo+Jg6feP2IEsOh8soH5nK75 gJ8qErorRPAqJsUEp52DJivClaMXvaKcxybTI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=W1U5BxcZ0meUmcWQoEYI0eV5tXamEqOO2kyqmaqVCM4=; b=h8xTN0GushJc1YiTF1NM/ZYH2ZMvLgrZ+vHdVU1qGvZ2tpZv0RJj8Z5GjVlMqCV1KY nj+zWjm3hNEXSHo2APCGXnUtPvMQPYwYSZch6iQs6YO7iNMQIcbF+tpiJ3cvRApIR5UX h2Z4AzsoYUHVyasSxEoeFHh3CwgoikNRY0xk2XQG0jU8ML3CSmCT27+tzoQbnRYOvWPc vwlqEa8fRtwGIPp9mGFqIxiv+6ElWsA6QR4KyhTrI3I/4H8aQM1f/AOA0VlZCeHcAgXo 2QCSvlWE5WS0VaSS4vL1pJ6Bs5S/DIsBJn70n6mBr5TtuMD6XSrRgtz9SJNhAWCXeRyU LxgA==
X-Gm-Message-State: AOAM530b8GQCVTXDdA2zjqwfsUGaxCNZdD6zBoWwOCqvCO+bMUznytjI CYAQ3HdTzPlmHHtBKoaI5rv0LkPujoxdPA==
X-Google-Smtp-Source: ABdhPJwLAxnOjt4k6rKvbvNRRh2T1L7fDYyjUJCh5fcoIuGZo+4Xxcg+HIEqC4lglQ8UEjtwgBlE1w==
X-Received: by 2002:a37:b385:: with SMTP id c127mr3173421qkf.206.1630674335356; Fri, 03 Sep 2021 06:05:35 -0700 (PDT)
Received: from smtpclient.apple (pool-71-178-177-131.washdc.fios.verizon.net. [71.178.177.131]) by smtp.gmail.com with ESMTPSA id 10sm3219444qtu.66.2021.09.03.06.05.34 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 03 Sep 2021 06:05:34 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <CADZyTkmj2CiW46NVJZkKECO=HzdqLviskysRixW+5E8H3xv5Dg@mail.gmail.com>
Date: Fri, 03 Sep 2021 09:05:32 -0400
Cc: TLS List <tls@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <6BB37775-F095-4AA8-8C16-ADC5FA3B6AED@sn3rd.com>
References: <2E45B809-B25D-43F6-88A4-D89AA2231C3B@sn3rd.com> <8FBB5DCD-322B-4CB2-9962-1232BE6B719E@sn3rd.com> <CADZyTkmj2CiW46NVJZkKECO=HzdqLviskysRixW+5E8H3xv5Dg@mail.gmail.com>
To: Daniel Migault <mglt.ietf@gmail.com>
X-Mailer: Apple Mail (2.3654.120.0.1.13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/gKhRp-5aVoIGmGjsVAFB5Lszl_Q>
Subject: Re: [TLS] progressing draft-ietf-tls-md5-sha1-deprecate
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Sep 2021 13:05:56 -0000

Daniel,

This I-D is an update to RFC 5246 (see header).  Only the 7525 updates were moved to 7525bis. While checking this out I did note a couple of there places in the I-D that 7525 needs to be scrubbed. I asked for changes in the following PR to account for those:
https://github.com/tlswg/draft-ietf-tls-md5-sha1-deprecate/pull/18

Thanks again for your reviews,
spt

> On Sep 3, 2021, at 08:00, Daniel Migault <mglt.ietf@gmail.com> wrote:
> 
> Looks good to me however this still represents in my opinion an update to 5246 -- which I think is also what we want.
> 
> Yours, 
> Daniel
> 
> On Thu, Sep 2, 2021 at 10:37 PM Sean Turner <sean@sn3rd.com> wrote:
> Just a reminder that sometime tomorrow I will ask for these PRs to be merged and a new version of the I-D be produced so that we can make progress.
> 
> spt
> 
> > On Aug 27, 2021, at 10:58, Sean Turner <sean@sn3rd.com> wrote:
> > 
> > Hi! While address the IoT Directorate comments from IETF LC, some addition comments have been received. I would like to address these new comments and get the I-D in the hands of the iESG. There were three set of comments:
> > 
> > 1) Based on Daniels and David Benjamin’s reviews, the I-D is not as clear as it could be. The end result of deprecating MD5 and SHA1 is that signature_algorithms is always included; we should just say that. Chris has submitted the following PR to address this:
> > https://github.com/tlswg/draft-ietf-tls-md5-sha1-deprecate/pull/19
> > You will notice that the PR removes section 6 of the I-D; it is unclear how much utility there is in updating the NOTE.
> > 
> > We are looking to merge this PR at the end of next week so please submit any comments before then.
> > 
> > 2) Hannes suggested that we remove the 7525 updates text now that 7525bis is underway. I submitted this issue to capture the issue:
> > https://github.com/tlswg/draft-ietf-tls-md5-sha1-deprecate/issues/17
> > Peter Saint-Andre (one of the 7525bis authors) has filled the following issue to incorporate the text from our I-D: 
> > https://github.com/yaronf/I-D/issues/245
> > Yaron has already merged the PR:
> > https://github.com/yaronf/I-D/pull/248
> > Chris has also kindly submitted this PR to remove the 7525bis-related text from “our" I-D:
> > https://github.com/tlswg/draft-ietf-tls-md5-sha1-deprecate/pull/18
> > 
> > Again, we are looking to merge this PR at the end of next week so please submit any comments before then.
> > 
> > 3) Hannes also had some editorial suggestions, that I created issues for:
> > https://github.com/tlswg/draft-ietf-tls-md5-sha1-deprecate/issues/16
> > https://github.com/tlswg/draft-ietf-tls-md5-sha1-deprecate/issues/15
> > https://github.com/tlswg/draft-ietf-tls-md5-sha1-deprecate/issues/14
> > These are addressed in this PR:
> > https://github.com/tlswg/draft-ietf-tls-md5-sha1-deprecate/pull/20
> > 
> > These ought to all be non-controversial, so we will merge them sometime next week.
> > 
> > Cheers,
> > spt (as Shepherd)
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
> 
> 
> -- 
> Daniel Migault
> Ericsson