[TLS] Re: RFCs on weakened crypto are not fixed by warnings
Peter Gutmann <pgut001@cs.auckland.ac.nz> Thu, 09 April 2026 12:41 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id C1181D8AE076 for <tls@mail2.ietf.org>; Thu, 9 Apr 2026 05:41:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1775738484; bh=IFF90grC5A8rcUa/kibMqUtz0HyZfIdAj2uNJIH98r8=; h=From:To:CC:Subject:Date:References:In-Reply-To; b=RkqNKSog/CyEbi8S+2RBqzStayiAo5y6yXdFb7hvNGSYKUMTTcMUtQmGLf+z8t8Zq ys2tXyU4qzmI99ZW/Zut2Kea+fCvLV+Iqczn6H9BnT0zk+Y9BLCwpu3CJqV/OLX5nY Rt/S9/Wj5SKOJw15FsXuM50SinlisNqMNS5XvNfk=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=cs.auckland.ac.nz
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OaG1lxTGBfCX for <tls@mail2.ietf.org>; Thu, 9 Apr 2026 05:41:23 -0700 (PDT)
Received: from SY2PR01CU004.outbound.protection.outlook.com (mail-australiaeastazon11021134.outbound.protection.outlook.com [40.107.39.134]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 0CFCAD8AE068 for <tls@ietf.org>; Thu, 9 Apr 2026 05:41:22 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=nUhoBI/EvcT5AWtV/1DQJ1+sP4//SX38m5/ivTvDoDk0G36n4vIyjIkeqXTN4qXr3u6oowuLs3oYe2sXAd37P2Skxhg3UO+TA0rv+f6vkEFjW77+GvgKVTM9UfAMsv46zz1hwA80p2hkDVgLVbQo4QCMVQlMD+HbGIHzv1zmdofAsuCrtKrhO+53URztgCBhCclcaQgAZoqJbo6iWzh9U4D1NZPaiuRRp+kLO7ULvjyb9l3WoXGLKSjp0FBYE7rJ/gOMowpsgvJYFljM0ZdSXFhs+iSdXEqrxAiOUeQlW/S8rZqB1giT4zQjb2Y/2zjXDwiHRB4DXtA1NLXtc8TxRw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=T3GXAx4Lwe7oz1Dq5HWhrR+07LAJfjKXkcNmmciFPso=; b=Ki2tRvCYBjcEJORt0H626gDT6WaKJmr5vMDzd9uY7DiYYek3xhsS8PMMFIMnsXF74lCX/kpFXB7Quim/+fvucqjTlo1CFBQ1vnPcDowv681JDKee94aUPfAflMsglDUkRrD1qJR7zOY9y8O6gMpkzWPXLfcF/fz9XtcdUuWEbUzzGGVQ22xQ/ByXr9adMiVLsnTSqOcbA4LRgZFmbivJYRVtSR9bS9irAxCDYg8GJfUN2aMU/HVr6keafmGkUVhsiszgaHnP5n3ieG5Sqz/aoAiLhRxKWpNp/33pmwhQRVzXgLZAdxmsWo7hE+zPS05zOypQjm+kbBoIpcn1iLHhTg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cs.auckland.ac.nz; dmarc=pass action=none header.from=cs.auckland.ac.nz; dkim=pass header.d=cs.auckland.ac.nz; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.auckland.ac.nz; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=T3GXAx4Lwe7oz1Dq5HWhrR+07LAJfjKXkcNmmciFPso=; b=RgtH2npkTJjV0iAfK9bnh6yKJzjwLZrBH1QNvUKWdTMFvRjLBiJdbcwLnq+9Jgc0qdXBfYO8qT1X6HCpbSoE1se+unm8nyGv5KXnMeA1RXUNfB/I6Rpq8BalrFdB0nqkk6MsmfqtGPowEjL+pPCeL7vzY7W0bgqi8PwEFHe/91LYfy6YXMB8wzZTeDdEUC1etRO1C69MKfM4uzvO3YHqI9EyjqlHLyCt8/E6crR15XbiVgsuSHeHOwgo/pzQK3TIJ/9QB1FQfWUuNQkLGLOi/exYnMiTR3zAl2LOR8tyTI0HYfKJCGXehIcGLJHMtI9EWU9BawI/CbRRSpqx5yWQ8w==
Received: from MEAPR01MB3654.ausprd01.prod.outlook.com (2603:10c6:201:38::9) by SYBPR01MB5631.ausprd01.prod.outlook.com (2603:10c6:10:e1::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.42; Thu, 9 Apr 2026 12:41:09 +0000
Received: from MEAPR01MB3654.ausprd01.prod.outlook.com ([fe80::e2ae:955b:18b7:3064]) by MEAPR01MB3654.ausprd01.prod.outlook.com ([fe80::e2ae:955b:18b7:3064%5]) with mapi id 15.20.9769.016; Thu, 9 Apr 2026 12:41:09 +0000
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Bas Westerbaan <bas=40cloudflare.com@dmarc.ietf.org>
Thread-Topic: [TLS] Re: RFCs on weakened crypto are not fixed by warnings
Thread-Index: AQHcx6otrscpgCF8H0ycQvABc2FVO7XWpG2hgAAEz4CAAAN9Kg==
Date: Thu, 09 Apr 2026 12:41:09 +0000
Message-ID: <MEAPR01MB3654AA18764995FCA5EC5ABDEE582@MEAPR01MB3654.ausprd01.prod.outlook.com>
References: <20260408194014.928705.qmail@cr.yp.to> <0c51eec9-4446-4cf6-b07a-4481c68d2216@tu-dresden.de> <MEAPR01MB3654DA28A8EE6229EF16B567EE582@MEAPR01MB3654.ausprd01.prod.outlook.com> <CAMjbhoUjEGHg-ngop2sZGgXvUCPv3K8YzcW+ir195q+PvcBjPw@mail.gmail.com>
In-Reply-To: <CAMjbhoUjEGHg-ngop2sZGgXvUCPv3K8YzcW+ir195q+PvcBjPw@mail.gmail.com>
Accept-Language: en-NZ, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cs.auckland.ac.nz;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MEAPR01MB3654:EE_|SYBPR01MB5631:EE_
x-ms-office365-filtering-correlation-id: 9efc1034-5696-4f84-752d-08de9635469d
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|366016|376014|10070799003|786006|38070700021|56012099003|18002099003|22082099003;
x-microsoft-antispam-message-info: Lx+AvFfGmPgUldwMEhuGk9GjkEWZG40alJ7N+csLRzD+O2iGwalQR4jKYJDC7ickt8OmXfIAnFI6mOAwED+ep5SLneHnH/O8ZH41YLFwqe6jOY7hHOpmvotJGPbzTelhnMNDwDLvNNAWIn1V9z4NnDk8jIHT5B+RZaQy+ZuHNnyqgVCXZxLlTZFab98dM3cGitKOHMJa4tPD58eJwqrfdwD53+1NKdqk4sIgm4ebCuHANo35sE9K4Le9fQ78pMEvTGefDdr2p6LqmsM7tKhaIT8UgMcyXf8O/3/KZXrD9kBjA1eYuLCTaREjZpK4CS67v1ZKLnLC4deG+Uib2lK0GW6+xWxP6gIm5LnDVNsXiNL1YUg5BdO668wglVd9cKQBLjsHbiWYz/Z+1kuuUhno7KbBbSrORGyeytd0tyA+XzhZSfzd9ckoP13YXUOIck1XYzCAMGUQhSkvZ/CZRKJoTVMuR4RD/Bfw8t9F2jIFtgh9tuFA48ae7QkdbNUZSnHON6JsY3fK+WCnMcWQXk/R9LaKYIMKFb+V6rPfu3EggP+dcj/IyAkKUVQ73PGKskOrRmZ3Tsqvsz7P9XcWQopJBAKuxCrx2IBGMcABJN8nA9N8HtBr33cmB0LnCghw9y3Q1mXfNCYyh8OlW0M079KUqg4/woJ+qlqUI58KD7AbWo3nCLVf16Krhf63IRu7zos1qv36J1BHFY+vKWHeJ2VTXRM0ECbcwdbm32meMY5jyt3ANBCHMBdZPgvcGmYp4foJfxg6Qo9gEAvEGOy3V+Y+0wAqt4lWIg+lPaYbWs7Eiik=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MEAPR01MB3654.ausprd01.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(10070799003)(786006)(38070700021)(56012099003)(18002099003)(22082099003);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 2
x-ms-exchange-antispam-messagedata-0: Y+a5zVhW483g3iitQkpm/cg2f0aVaUJcrlQdtKBy7fTXER/+ZErYXi0HKtzjYwiEpaCUR+Ub1rKZEclPp9wloNZgdcKA/c+D+kOOSvH4IusY5EdzjWDtIenb1pEptI1OhcLKzyXEMeXSxyWXTSXfEsDS2yQuMmuP8hIa4fhw8+y+nvKDVfh6qC/x2myfr6yDshdvY+EPJpKkXDh5oYsLkox4cAvaD9OpKLgxAkRiKiFxeOUH4XCugtlXjHl+tmVclay3FajRXqvEYw+xBfuyOW4mN2qNc3fvXOLingirnaJy8zofDoLC0rlilQi2DWvhbd3w61vH9csIC+sSTo0wILGl2/weUkldfxZDeQxtci1+k01kCsxP+0Z1FvJn9UqDN0nJcQVcKNceWNZd8CMat8/KRFD0P7K8X0cltZY7dskMqsvfQsoed0D8HevEgyJmbcqCR3hnKBWcN+GDhKp56C7t5ZLIVq5ACQnkgf6W5302D4rpwQnu1V4T+VOibaao/+a9Llie3Yqom5figqI+RMD7SyaNP+l2C+EaL/IvxwO1r5xlY8wjwLjIc34Tlu1mC9ZHr0sHgZKL+5v6pEhOuaEEbB07FlbvyQq8tHA0t/i4xrfecH53w7EhsaBagh8alxhvT5xPEX0sA27yI3TYT4/EBHPaaQPRUZmufC9PAAjJ0iuzzynr3fOKYLC0CFpVeX35ci+kI4n3Dz7qZAKse0js4xyslP6ClAVmdHl4aFChCGYjkD/NIeBZg6t3NPo0rYx661RS21X65kDo5bfNlWoawaV7au4G86rXnx/A5T8jO4kley69IehEbUXtgyGWFSoGCeSXO5xAa1C4mT37oWyXWamlfsxoOTbiHyMTIFHy429qaX8CbdZx3cjNBL9JbFmHdma9T+tIAlDlFMxSJS1Szh331tZelsLIdkopNHE47GFcvtZM80L5QygSJKzbHf0ONYjFKj3IWN1ZT/OGGKzKerijEz4UeDvMXkrW1HzAaHqPYpvHNT3PvItChcnUApFVT2mDjyB6CuTCWsZcqOhNP4U2+noEfmwXjmMeW9KhNobP9u1pgLtgKwenBrl1YOpQ0asot1elsOaDMnTpC3epHz830NNyG2DV8DN7fhA+UYE1Zyors/VwQJzR8YZA1m+kkhsktIPbSU7WRoZ2QkDC8ctOgF7QzfILOd3EFdcizi/b7dmNtO80efYY+nwz7RPskqs+1LtL3WC8u4VMO1LttnA7vPIRaBAyxbipST/ZUYDw2fg0OanwAaWQ4AvemsXmV9Ki39XJlhKZ5UftuV0mpbesttBpA4rN2/Fd6lPCBZP+0Ze49dcBikK7mLHscE6sbqItJEDu+bRNQMmfOYoX+NYFcbwKmh0mij8x/IYl2GvlVKicu5UW/Cm70TnxaD5/S0xg0P1MoepWW3IzvlgikLaLqBNqHZoFPQkJyEgE4nu4IYvyWtFgls92hHvIPv3g1Jf1tfvjiQDJmgaGXF1HBy+LB+2yGhANmQR+gZevxKl5Tt4OzIeaa2eaFB6sXKbp8SzKq6evYUxGXJQIjPfbz2O13q07pmuDKH3BqzP0c31dVStF019sgUChFF58t2Jrwq1cw2pYgAezoxRSAtqW/E+hU8OW2nfe2Lt2AC1QqRVGrLWnKn4QHp5v8x3dSOFV2lsGlXMRbF5lcn+RX3TmgaDtjLf/QGH2DsDLQYXrIgQ3rSo9svobUjQoDs2WDT8zC/nAteQCkVejU83B7mN0O0Xw3I5SDs2H0IjO2m0a9CQ5j4y2hitsS6cZMgpL62KTmeGS
x-ms-exchange-antispam-messagedata-1: nvh11sdYLrCYYg==
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: cs.auckland.ac.nz
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MEAPR01MB3654.ausprd01.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 9efc1034-5696-4f84-752d-08de9635469d
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Apr 2026 12:41:09.4723 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: d1b36e95-0d50-42e9-958f-b63fa906beaa
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: I8lXvUQj2aeG7fSoB+VrmjeuelEG5Dit7uO87eqHgxnCQlpJw3PzylehJGoLCbZiXH4qKFXOqycEewJ4kf+Tw6EjRAhtMUroREraBHgYUeY=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SYBPR01MB5631
Message-ID-Hash: TJAQFNCMROXIIA7RAQPP27CSK3ZIDOKU
X-Message-ID-Hash: TJAQFNCMROXIIA7RAQPP27CSK3ZIDOKU
X-MailFrom: pgut001@cs.auckland.ac.nz
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "tls@ietf.org" <tls@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: RFCs on weakened crypto are not fixed by warnings
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/kFyTM4h_7AVNIk9bfizhYKbHvvk>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
Bas Westerbaan <bas=40cloudflare.com@dmarc.ietf.org> writes: >4M is a steal for a WebPKI CA private key. And then what do you do with it? Annoy the CA that they have to replace their key? Peter.
- [TLS] RFCs on weakened crypto are not fixed by wa… D. J. Bernstein
- [TLS] Re: RFCs on weakened crypto are not fixed b… Viktor Dukhovni
- [TLS] Re: RFCs on weakened crypto are not fixed b… D. J. Bernstein
- [TLS] Re: RFCs on weakened crypto are not fixed b… Viktor Dukhovni
- [TLS] Re: RFCs on weakened crypto are not fixed b… Muhammad Usama Sardar
- [TLS] Re: RFCs on weakened crypto are not fixed b… Peter Gutmann
- [TLS] Re: RFCs on weakened crypto are not fixed b… Bas Westerbaan
- [TLS] Re: RFCs on weakened crypto are not fixed b… Peter Gutmann