Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1.1"

Peter Gutmann <> Fri, 03 May 2019 17:30 UTC

From: Peter Gutmann <>
To: Benjamin Kaduk <>
CC: Hubert Kario <>, "" <>, "" <>
Date: Fri, 3 May 2019 17:30:38 +0000

Benjamin Kaduk <> writes:

>I'll make the obligatory note that SHA-2 is fine

Sure, and that was the really strange thing with TLS 1.2, why not just say
SHA-2 or better only, rather than adding mechanisms that were much, much
weaker than its predecessors?  So the simple fix is just to use SHA-2 only for
TLS 1.2.

>if someone does change their system, are really going to recommend they go to
>TLS 1.0 with MD5||SHA1 rather than TLS 1.2 with SHA2?

That would be one argument for an RFC, MUST SHA-2 only or MUST NOT MD5 and
SHA-1 in 1.2.  Which is pretty much what TLS-LTS says.  Or at least it takes
the SHA-2-suites-mandatory path, which implies no MD5 or SHA-1; I guess I
should also add an explicit MUST NOT MD5 and SHA-1.

Having said that, given an RFC saying MUST NOT 1.0 and 1.1 which is what the
original discussion was about, why not also add MUST NOT MD5 and SHA1 in TLS
1.2 to the text?
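As an added example (not from the thread or from any of its participants), here is a Python check that decodes the body of a TLS 1.2 signature_algorithms extension using the HashAlgorithm/SignatureAlgorithm code points from RFC 5246 and reports whether the offer would satisfy the "MUST NOT MD5 and SHA-1 in TLS 1.2" rule argued for above. It assumes the caller passes the extension body without the 2-byte extension type and length header; the sample byte strings are constructed, not captured traffic.

```python
# Added example: audit a TLS 1.2 signature_algorithms extension body against
# a "SHA-2 only, no MD5/SHA-1" policy. Not code from the thread or its authors.
import struct

# HashAlgorithm and SignatureAlgorithm code points, RFC 5246 section 7.4.1.4.1.
HASH_NAMES = {0: "none", 1: "md5", 2: "sha1", 3: "sha224",
              4: "sha256", 5: "sha384", 6: "sha512"}
SIG_NAMES = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}
LEGACY_HASHES = {1, 2}  # md5 and sha1: the pair the message wants forbidden


def parse_signature_algorithms(ext_body: bytes):
    """Decode supported_signature_algorithms<2..2^16-2> into (hash, sig) pairs.

    The vector is a 2-byte big-endian length followed by that many bytes of
    SignatureAndHashAlgorithm pairs (one hash byte, one signature byte each).
    """
    if len(ext_body) < 2:
        raise ValueError("extension body too short")
    (length,) = struct.unpack("!H", ext_body[:2])
    data = ext_body[2:2 + length]
    if len(data) != length or length < 2 or length % 2 != 0:
        raise ValueError("malformed supported_signature_algorithms vector")
    return [(data[i], data[i + 1]) for i in range(0, length, 2)]


def check_sha2_only(ext_body: bytes):
    """Return (conforms, offered_names, legacy_names) for the proposed rule.

    conforms is True only when no offered pair uses MD5 or SHA-1 as its hash.
    """
    pairs = parse_signature_algorithms(ext_body)
    names = [f"{HASH_NAMES.get(h, h)}+{SIG_NAMES.get(s, s)}" for h, s in pairs]
    legacy = [n for (h, _), n in zip(pairs, names) if h in LEGACY_HASHES]
    return (len(legacy) == 0, names, legacy)


# Constructed sample extension bodies (length prefix, then hash/sig pairs).
LEGACY_OFFER = bytes([0x00, 0x06, 0x04, 0x01, 0x02, 0x01, 0x01, 0x01])  # sha256+rsa, sha1+rsa, md5+rsa
CLEAN_OFFER = bytes([0x00, 0x06, 0x04, 0x01, 0x05, 0x01, 0x04, 0x03])   # sha256+rsa, sha384+rsa, sha256+ecdsa

if __name__ == "__main__":
    for label, body in (("legacy", LEGACY_OFFER), ("clean", CLEAN_OFFER)):
        ok, offered, legacy = check_sha2_only(body)
        print(label, "conforms" if ok else "violates", offered, legacy)
```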