Re: [TLS] AD Review of draft-ietf-tls-tls13
Viktor Dukhovni <ietf-dane@dukhovni.org> Mon, 22 May 2017 17:17 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/o7f0h6_beaAZLx8fR8RtRVX3rbc>

> On May 22, 2017, at 1:06 PM, Benjamin Kaduk <bkaduk@akamai.com> wrote:
>
> Given the apparent strength of opinion against removing these supposed restrictions entirely, it seems like this text (or something similar) is probably the best we can do.

Perhaps so, but I saw only one strong objection from Dave Garrett. Is that sufficient for "apparent strength of opinion"? Removal is simpler, and it sure does not look like people are determined to continue to support MD5 and SHA-1 in certificates, but would be willing to relent if TLS 1.3 told them not to. Isn't the language in question tackling a non-problem?

That said, if the only way to rough consensus is a properly qualified requirement to not rely on such certificate signatures for authentication, (rather than must hang up with a fatal alert when you see these, must not send these, ...) then I'll go along with a compromise.

--
Viktor.