Re: [TLS] EXTERNAL: Re: Signature Algorithms

"Mehner, Carl" <Carl.Mehner@usaa.com> Tue, 17 March 2015 17:51 UTC

From: "Mehner, Carl" <Carl.Mehner@usaa.com>
To: Dave Garrett <davemgarrett@gmail.com>, "tls@ietf.org" <tls@ietf.org>
Date: Tue, 17 Mar 2015 17:51:06 +0000
Message-ID: <19075EB00EA7FE49AFF87E5818D673D411463A97@PRODEXMB01W.eagle.usaa.com>
References: <19075EB00EA7FE49AFF87E5818D673D41145FB0C@PRODEXMB01W.eagle.usaa.com> <201503171341.40315.davemgarrett@gmail.com>
In-Reply-To: <201503171341.40315.davemgarrett@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/mAdzR-Sok6peamnZWFIjiaE9JXI>
Subject: Re: [TLS] EXTERNAL: Re: Signature Algorithms

> From: Dave Garrett [mailto:davemgarrett@gmail.com]
> What's the viability of having TLS 1.3 drop support for SHA-1 for end-
> entity certificates? (not root or intermediary, yet) This would of course
> be in addition to dropping all support for MD5, which I think is pretty
> much a given at this point.
> 
My thoughts were that this would happen on or after the sunset date
(2017-01-01). Dropping SHA-1 for EE-certs is not something I am looking to
have mandated in this document, just allowed for. (By not requiring all the
certificates in the certificate_list to be signed with a supported algorithm
regardless of whether the signature was calculated in validation.)
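The policy described in the reply, as an added Python sketch that is not part of this thread or of any TLS implementation: only signatures that path validation actually computes are held to the supported-algorithm list, a self-signed trust anchor at the end of the certificate_list is exempt because its signature is never verified, and a SHA-1 end-entity signature is refused from the 2017-01-01 sunset date. The certificate fields, algorithm names and sample chain are simplified, constructed stand-ins.

```python
from dataclasses import dataclass
from datetime import date

# Constructed, minimal model of one certificate_list entry: only the fields
# needed to reason about signature-algorithm policy are kept.
@dataclass(frozen=True)
class CertEntry:
    subject: str
    issuer: str
    sig_alg: str            # algorithm used to sign *this* certificate, e.g. "sha1_rsa"
    self_signed: bool = False

SHA1_SUNSET = date(2017, 1, 1)   # sunset date quoted in the message

def signatures_checked_in_validation(chain):
    """Yield (cert, role) for every certificate whose signature a path
    validator actually verifies. The chain is leaf first, as in the TLS
    certificate_list. A self-signed certificate in last position (and not
    the leaf itself) is a trust anchor: its self-signature is never computed."""
    for i, cert in enumerate(chain):
        role = "end-entity" if i == 0 else "intermediate"
        if cert.self_signed and i > 0 and i == len(chain) - 1:
            continue
        yield cert, role

def check_chain(chain, supported_algs, today, reject_sha1_ee_after=SHA1_SUNSET):
    """Return (ok, reason). Only signatures that validation computes must use an
    algorithm from supported_algs (the peer's signature_algorithms list); SHA-1
    on the end-entity certificate is additionally refused once the sunset passes."""
    for cert, role in signatures_checked_in_validation(chain):
        if cert.sig_alg not in supported_algs:
            return False, f"{role} cert {cert.subject!r} signed with unsupported {cert.sig_alg}"
        if role == "end-entity" and cert.sig_alg.startswith("sha1") and today >= reject_sha1_ee_after:
            return False, f"SHA-1 end-entity signature refused on/after {reject_sha1_ee_after}"
    return True, "all verified signatures use supported algorithms"

# Constructed sample chain: SHA-256 leaf and intermediate, SHA-1 self-signed root.
CHAIN = [
    CertEntry("www.example.test", "Example Issuing CA", "sha256_rsa"),
    CertEntry("Example Issuing CA", "Example Root CA", "sha256_rsa"),
    CertEntry("Example Root CA", "Example Root CA", "sha1_rsa", self_signed=True),
]
SUPPORTED = {"sha256_rsa", "sha384_rsa", "sha256_ecdsa"}

if __name__ == "__main__":
    print(check_chain(CHAIN, SUPPORTED, date(2015, 3, 17)))
```

The root's SHA-1 self-signature does not fail the chain because it is never verified, which is exactly the distinction the reply draws.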