[TLS] Re: I-D Action: draft-ietf-tls-deprecate-obsolete-kex-05.txt
Joseph Salowey <joe@salowey.net> Wed, 04 September 2024 00:27 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/y8TZYEW9bca68-CrWFAjRypPiLw>
I will be hitting the button to submit this to the IESG next week. The revisions based on the earlier consensus calls have been made and references to updated RFCs have been cleaned up. You can use the diff tool to see the comparison with the -03 version - https://author-tools.ietf.org/iddiff?url1=draft-ietf-tls-deprecate-obsolete-kex-03&url2=draft-ietf-tls-deprecate-obsolete-kex-05&difftype=--html.

Let me know if you spot any concerns with the document.

Thanks,

Joe

On Tue, Sep 3, 2024 at 2:13 AM <internet-drafts@ietf.org> wrote:

> Internet-Draft draft-ietf-tls-deprecate-obsolete-kex-05.txt is now
> available.
> It is a work item of the Transport Layer Security (TLS) WG of the IETF.
>
>    Title:   Deprecating Obsolete Key Exchange Methods in TLS 1.2
>    Authors: Carrick Bartle
>             Nimrod Aviram
>    Name:    draft-ietf-tls-deprecate-obsolete-kex-05.txt
>    Pages:   21
>    Dates:   2024-09-03
>
> Abstract:
>
>    This document deprecates the use of RSA key exchange and Diffie
>    Hellman over a finite field in TLS 1.2, and discourages the use of
>    static elliptic curve Diffie Hellman cipher suites.
>
>    Note that these prescriptions apply only to TLS 1.2 since TLS 1.0 and
>    1.1 are deprecated by RFC 8996 and TLS 1.3 either does not use the
>    affected algorithm or does not share the relevant configuration
>    options.
>
>    This document updates RFCs 9325, 4346, 5246, 4162, 6347, 5932, 5288,
>    6209, 6367, 8422, 5289, 5469, 4785, 4279, 5487, 6655, and 7905.
>
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-tls-deprecate-obsolete-kex/
>
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-tls-deprecate-obsolete-kex-05.html
>
> A diff from the previous version is available at:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-tls-deprecate-obsolete-kex-05
>
> Internet-Drafts are also available by rsync at:
> rsync.ietf.org::internet-drafts
>
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-leave@ietf.org