IETF Logo Mail Archive

Re: [TLS] Deprecate SHA1 for signatures in TLS 1.3 (was Re: TLS 1.3 draft-07 sneak peek)

Eric Rescorla <ekr@rtfm.com> Sat, 11 July 2015 20:52 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 503521ACC88 for <tls@ietfa.amsl.com>; Sat, 11 Jul 2015 13:52:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i-xmkjKMOlrK for <tls@ietfa.amsl.com>; Sat, 11 Jul 2015 13:52:35 -0700 (PDT)
Received: from mail-la0-f50.google.com (mail-la0-f50.google.com [209.85.215.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4AC311ACAD4 for <tls@ietf.org>; Sat, 11 Jul 2015 13:52:35 -0700 (PDT)
Received: by lagx9 with SMTP id x9so282024991lag.1 for <tls@ietf.org>; Sat, 11 Jul 2015 13:52:33 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-type; bh=ugf8Zrvu3iRfQ7+eXg0LYxIcnlRxoJs7Y6fD7dDgzYM=; b=PKKFxmMM87E5Mm856ept60mJjh8gVhBJi5SyETMQ3gnJDcuVfaanJ2jF6UF55av4YP TNTGzjvu0nP32tx94J5BDketcFYy9AcnSNvaWO/JsC9lJ7gIfX9tQNvoOA3D1i523XCf y2BxxeHseCNHH3qNf8FhKYPVxHHmS/KGdxuoWVsAPFz9ysw7YxCMyY1ZiiBBIucDh2C8 VLy9rXPtpQGLB87gad1PDo/9ru8Xz2AbymO9t1yxqLwGxJJ0ViNKaTfmEC7IFQLnCuhb +5lIz+ZVNG/BGMJ8Osrtg1ZouPriUYqcvHI5/LSYYixeSt0SAharr0QZ503mAhcJTmAK BdHw==
X-Gm-Message-State: ALoCoQn59FbzMp+0wb1DrI/s56/y/0spI19/F3pHmVxZm6KktrGqY/JE6G/lVVApPKoK9JEka48S
X-Received: by 10.152.225.164 with SMTP id rl4mr10358201lac.38.1436647953760; Sat, 11 Jul 2015 13:52:33 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.114.99.103 with HTTP; Sat, 11 Jul 2015 13:51:53 -0700 (PDT)
In-Reply-To: <20150711151729.GO28047@mournblade.imrryr.org>
References: <CALuAYvbteowTeyWe9VneRHgyvzTRS3LfKdorWt=jmEy2k+wNqw@mail.gmail.com> <201507101137.44703.davemgarrett@gmail.com> <20150710154912.GU28047@mournblade.imrryr.org> <201507101154.53812.davemgarrett@gmail.com> <20150710160848.GW28047@mournblade.imrryr.org> <BLUPR03MB139645B664D7C3998B2DAA3C8C9F0@BLUPR03MB1396.namprd03.prod.outlook.com> <CABcZeBNs9+h9UWfu=eDC3JBQ1ULCcuBSOK8B9JdDsiX-Ne5g2g@mail.gmail.com> <20150711134516.GA6970@LK-Perkele-VII> <CABcZeBO2k230mP+qpP+Mfr3ee9tsvWe6BOcAgCtYxj3=PzOZPg@mail.gmail.com> <20150711151729.GO28047@mournblade.imrryr.org>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 11 Jul 2015 16:51:53 -0400
Message-ID: <CABcZeBNfKioehp9FKjG8DaATn=dt5Fr==j=KGnSEWwCYibVeJg@mail.gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="001a11349aa6f39852051a9faa35"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/iyXwlzgS-3yVluc4JrOqC_h1OFU>
Subject: Re: [TLS] Deprecate SHA1 for signatures in TLS 1.3 (was Re: TLS 1.3 draft-07 sneak peek)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Jul 2015 20:52:37 -0000

On Sat, Jul 11, 2015 at 11:17 AM, Viktor Dukhovni <ietf-dane@dukhovni.org>
wrote:

> On Sat, Jul 11, 2015 at 09:55:45AM -0400, Eric Rescorla wrote:
>
> > This makes a certain amount of sense (though I wonder how often it's
> really
> > an issue that a server declines to send a certificate that would
> otherwise
> > have worked to a compliant client [0]).
>
> Every time with Schannel, Exchange SMTP servers, and opportunistic
> TLS SMTP clients


Well, I assume you mean every time you have a pair with the right
properties.
But my question is how often that happens on the live Internet.

 -Ekr


>
> Perhaps the right text here is that if you have a conformant certificate,
> > you MUST send it, but if not, you MAY send a nonconformant one?
>
> Correct.  It is important to try to match a supported algorithm,
> but failing that, send what you have.  It may well work just fine
> for the client, since the signatures in question are not made in
> real-time by the server, but rather at some previous time by some
> CA, which the client may not care about (pinned leaf cert, DANE
> leaf cert, opportunistic TLS, ...).
>
> And the point about debugging also makes sense.  The client
> administrator can much more easily determine which additional
> algorithm is required to interoperate with the server.
>
> --
>         Viktor.
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

v2.23.0 | Report a Bug | By Email