Re: [TLS] [Iot-directorate] [Last-Call] Iotdir last call review of draft-ietf-tls-md5-sha1-deprecate-04

Sean Turner <sean@sn3rd.com> Fri, 30 July 2021 23:56 UTC

From: Sean Turner <sean@sn3rd.com>
Date: Fri, 30 Jul 2021 19:55:59 -0400
Cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Russ Housley <housley@vigilsec.com>, "iot-directorate@ietf.org" <iot-directorate@ietf.org>, "draft-ietf-tls-md5-sha1-deprecate.all@ietf.org" <draft-ietf-tls-md5-sha1-deprecate.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
To: Daniel Migault <mglt.ietf@gmail.com>, TLS List <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/wHb8gNyM_n7XqopS-LtLAF1W3WM>

Daniel,
 
So the current proposal is that signature_algorithms is always included.  I understand that with that in mind it might make sense to also remove the other text as well.

What do others think?

spt

> On Jul 30, 2021, at 12:25, Daniel Migault <mglt.ietf@gmail.com> wrote:
> 
> Hi,
> 
> Just to sum up, my initial comment proposed to mention as being removed the texts mentioned below. Since Sean mentioned that removing a text with MUST can be problematic, for the first text we can also just explain that in the context of this draft, the first text ends in being some dead code. I would be interested to understand - and only for my personal understanding - why removing a text with MUST is harder than a text with MAY.
> 
> My understanding is that the current proposal is to remove the second text, and that the case of the first text has not been concluded - of course unless I am missing something. As a result, I think I hope we can converge for the two texts and I am fine with the first text being mentioned as removed or ending as dead code.
> 
>  """
> If the client does not send the signature_algorithms extension, the
> server MUST do the following:
> -  If the negotiated key exchange algorithm is one of (RSA, DHE_RSA,
>    DH_RSA, RSA_PSK, ECDH_RSA, ECDHE_RSA), behave as if client had
>    sent the value {sha1,rsa}.
> 
> -  If the negotiated key exchange algorithm is one of (DHE_DSS,
>    DH_DSS), behave as if the client had sent the value {sha1,dsa}.
> 
> -  If the negotiated key exchange algorithm is one of (ECDH_ECDSA,
>    ECDHE_ECDSA), behave as if the client had sent value {sha1,ecdsa}.
> """
> 
> 
> """
> If the client supports only the default hash and signature algorithms
> (listed in this section), it MAY omit the signature_algorithms
> extension.
> """
> 
> Yours, 
> Daniel
> 
> On Fri, Jul 30, 2021 at 5:10 AM Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
> I have no problem with the suggestion.
> 
> A few other observations:
> 
> 1. FWIW: The reference to [Wang] is incomplete.
> 
> 2. The references to the other papers use the websites of the authors or project websites. I would use more stable references.
> 
> 3. Kathleen's affiliation is also outdated.
> 
> 4. Is the update to RFC 7525 relevant given that there is an update of RFC 7525 in progress (see https://datatracker.ietf.org/doc/html/draft-ietf-uta-rfc7525bis-01) and even near completion?
> 
> 5. The title of the draft gives the impression that this update only refers to TLS 1.2 but later in the draft DTLS is also included via the reference to RFC 7525. Should the title be changed to "Deprecating MD5 and SHA-1 signature hashes in TLS/DTLS 1.2"?
> 
> Ciao
> Hannes
> 
> -----Original Message-----
> From: Iot-directorate <iot-directorate-bounces@ietf.org> On Behalf Of Russ Housley
> Sent: Wednesday, July 28, 2021 10:34 PM
> To: Sean Turner <sean@sn3rd.com>; IETF TLS <tls@ietf.org>
> Cc: iot-directorate@ietf.org; draft-ietf-tls-md5-sha1-deprecate.all@ietf.org; last-call@ietf.org
> Subject: Re: [Iot-directorate] [TLS] [Last-Call] Iotdir last call review of draft-ietf-tls-md5-sha1-deprecate-04
> 
> >   In Section 7.1.4.1: the following text is removed:
> 
>      If the client supports only the default hash and signature algorithms
>      (listed in this section), it MAY omit the signature_algorithms
>      extension.
> 
> >   Since it’s a MAY, I am a-okay with deleting. Anybody else see harm?
> 
> I don't see any harm.
> 
> Russ
> 
> 
> 
> -- 
> Daniel Migault
> Ericsson
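
The following is an added example, not part of any message in this thread: a small auditor that parses the extensions block of a TLS 1.2 ClientHello and reports whether signature_algorithms is absent (the case where the quoted RFC 5246 text makes the server assume a SHA-1 default) or offers MD5/SHA-1. The function names and sample bytes are constructed; the input is assumed to be the extensions block without its outer two-byte length.

```python
import struct

EXT_SIGNATURE_ALGORITHMS = 13  # TLS ExtensionType for signature_algorithms
HASHES = {1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
SIGS = {1: "rsa", 2: "dsa", 3: "ecdsa"}
# Implied defaults, taken from the RFC 5246 text quoted in the thread.
LEGACY_DEFAULT = {
    **dict.fromkeys(("RSA", "DHE_RSA", "DH_RSA", "RSA_PSK", "ECDH_RSA", "ECDHE_RSA"),
                    ("sha1", "rsa")),
    **dict.fromkeys(("DHE_DSS", "DH_DSS"), ("sha1", "dsa")),
    **dict.fromkeys(("ECDH_ECDSA", "ECDHE_ECDSA"), ("sha1", "ecdsa")),
}

def parse_signature_algorithms(extensions: bytes):
    """Return the offered (hash, signature) pairs, or None if the extension is absent."""
    pos = 0
    while pos + 4 <= len(extensions):
        ext_type, ext_len = struct.unpack_from("!HH", extensions, pos)
        body = extensions[pos + 4:pos + 4 + ext_len]
        if len(body) != ext_len:
            raise ValueError("truncated extension")
        pos += 4 + ext_len
        if ext_type != EXT_SIGNATURE_ALGORITHMS:
            continue
        if ext_len < 2:
            raise ValueError("malformed signature_algorithms")
        (list_len,) = struct.unpack_from("!H", body, 0)
        if list_len != ext_len - 2 or list_len % 2:
            raise ValueError("malformed signature_algorithms")
        # Each entry is one hash byte followed by one signature byte.
        return [(HASHES.get(h, hex(h)), SIGS.get(s, hex(s)))
                for h, s in zip(body[2::2], body[3::2])]
    if pos != len(extensions):
        raise ValueError("trailing bytes after last extension")
    return None

def audit(extensions: bytes, key_exchange: str):
    """Classify a ClientHello as 'absent', 'weak' or 'ok', with the pairs of concern."""
    pairs = parse_signature_algorithms(extensions)
    if pairs is None:
        # What a server following the quoted RFC 5246 text would assume.
        return "absent", [LEGACY_DEFAULT[key_exchange]]
    weak = [p for p in pairs if p[0] in ("md5", "sha1")]
    return ("weak" if weak else "ok"), weak

# Constructed samples: extended_master_secret (type 23, empty body), then
# signature_algorithms offering {sha256,rsa} and {sha1,ecdsa}.
SAMPLE_WEAK = bytes.fromhex("00170000" "000d0006" "0004" "0401" "0203")
SAMPLE_ABSENT = bytes.fromhex("00170000")
```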