Dang, Quynh (Fed) writes:
> As I explained before, the group numbers 5 and 2 should become
> "MUST NOT" because they don't provide 112 bits of security.
And the reply was that as group 2 is the currently used group,
changing them to MUST NOT now would cause huge issues for the users.
And the comment for users says that "It is expected in the near
future to be downgraded to MUST NOT.", so users know that they
should move away from it.
I do not think we can do anything about this now; in the next version of
this document (in 2-3 years) we will make them MUST NOT.
> And, all signatures with SHA1 should become "MUST NOT".
We currently do not really have a way to do that. The most commonly
used signature method now is "RSA Digital Signature" with SHA1, but
there is no negotiation of the hash algorithm to be used there, so
making it MUST NOT there would cause big interoperability issues, as
peers cannot agree not to use SHA1.
In the Digital Signature authentication method, there is a way to
negotiate hash algorithms, and there we say that SHA1 is SHOULD NOT,
which is aligned with the other recommendations for SHA1 in the draft. We
could change them to MUST NOT, as people have not implemented the Digital
Signature authentication method yet, so they can also implement SHA2
(and RSASSA-PSS) while implementing it, and there the peers can
negotiate the hash algorithm to be used.
So here we cannot get rid of the most commonly used SHA1 signature
method, but we can make it so that when people do implement the Digital
Signature authentication method, they will not implement SHA1-based
signatures at all, and only do the safe hash algorithms.
I.e. change 4.2 to say:
+--------+-------------+------------+---------+
| Number | Description | Status     | Comment |
+--------+-------------+------------+---------+
| 1      | SHA1        | MUST NOT   |         |
| 2      | SHA2-256    | MUST       |         |
| 3      | SHA2-384    | MAY        |         |
| 4      | SHA2-512    | SHOULD     |         |
+--------+-------------+------------+---------+
and
+------------------------------------+------------+---------+
| Description                        | Status     | Comment |
+------------------------------------+------------+---------+
| RSASSA-PSS with SHA-256            | MUST       |         |
| ecdsa-with-sha256                  | SHOULD     |         |
| sha1WithRSAEncryption              | MUST NOT   |         |
| dsa-with-sha1                      | MUST NOT   |         |
| ecdsa-with-sha1                    | MUST NOT   |         |
| RSASSA-PSS with Empty Parameters   | MUST NOT   |         |
| RSASSA-PSS with Default Parameters | MUST NOT   |         |
+------------------------------------+------------+---------+
--
[email protected]
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
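The point made in the message above is that the Digital Signature authentication method (RFC 7427) negotiates the hash through the SIGNATURE_HASH_ALGORITHMS notification, so an implementation can refuse SHA1 there without an interoperability break, while the older "RSA Digital Signature" method has no such negotiation. The following Python sketch, added here as an example and not code from the draft, from RFC 7427 or from any implementation on this thread, applies the two proposed tables: it encodes and parses the notification (a list of 16-bit IANA hash identifiers, 1=SHA1, 2=SHA2-256, 3=SHA2-384, 4=SHA2-512), picks a common hash that is not MUST NOT, and classifies a received signature AlgorithmIdentifier by the second table. The OIDs are the real ones for those rows; the preference order, the dict model of decoded RSASSA-PSS parameters, the "unlisted" status and all function names are assumptions made for the example.

```python
"""
Applying the proposed Section 4.2 tables in an IKEv2 Digital Signature
authentication (RFC 7427) implementation.  Added example for this thread,
not code from the draft or from any implementation.
"""
import struct

# IANA "IKEv2 Hash Algorithms" identifiers, as carried in the
# SIGNATURE_HASH_ALGORITHMS notification (a list of 16-bit values).
SHA1, SHA2_256, SHA2_384, SHA2_512 = 1, 2, 3, 4
HASH_NAMES = {SHA1: "SHA1", SHA2_256: "SHA2-256",
              SHA2_384: "SHA2-384", SHA2_512: "SHA2-512"}

# Local policy, straight from the proposed hash table.
HASH_POLICY = {SHA1: "MUST NOT", SHA2_256: "MUST",
               SHA2_384: "MAY", SHA2_512: "SHOULD"}

# Assumption: prefer the longer hash when several are acceptable.  The draft
# assigns requirement levels only; it does not define a preference order.
PREFERENCE = [SHA2_512, SHA2_384, SHA2_256]


def encode_hash_algorithms(ids):
    """Build SIGNATURE_HASH_ALGORITHMS notification data."""
    return b"".join(struct.pack("!H", i) for i in ids)


def decode_hash_algorithms(data):
    """Parse notification data; reject odd lengths rather than truncating."""
    if len(data) % 2:
        raise ValueError("SIGNATURE_HASH_ALGORITHMS data has odd length")
    return [struct.unpack("!H", data[i:i + 2])[0] for i in range(0, len(data), 2)]


def local_offer():
    """Identifiers we advertise: everything the policy does not forbid."""
    return [h for h in PREFERENCE if HASH_POLICY.get(h) != "MUST NOT"]


def select_hash(peer_notify_data):
    """Pick the hash for our own signature from what the peer supports.

    Returns None when there is no acceptable common hash (e.g. a peer that
    lists only SHA1).  Digital Signature authentication cannot then be used
    with that peer; only the older, non-negotiating methods remain.
    """
    peer = set(decode_hash_algorithms(peer_notify_data))
    for h in PREFERENCE:
        if h in peer and HASH_POLICY.get(h) != "MUST NOT":
            return h
    return None


# Signature AlgorithmIdentifier OIDs for the rows of the second table.
OID_RSASSA_PSS = "1.2.840.113549.1.1.10"
OID_ECDSA_SHA256 = "1.2.840.10045.4.3.2"
OID_SHA1_RSA = "1.2.840.113549.1.1.5"
OID_DSA_SHA1 = "1.2.840.10040.4.3"
OID_ECDSA_SHA1 = "1.2.840.10045.4.1"

SIG_POLICY = {OID_ECDSA_SHA256: "SHOULD", OID_SHA1_RSA: "MUST NOT",
              OID_DSA_SHA1: "MUST NOT", OID_ECDSA_SHA1: "MUST NOT"}

# RSASSA-PSS-params defaults from RFC 4055: SHA-1, MGF1 with SHA-1, salt 20.
PSS_DEFAULT_PARAMS = {"hash": "SHA1", "mgf_hash": "SHA1", "salt_len": 20}


def signature_algorithm_status(oid, pss_params=None):
    """Requirement level for the AlgorithmIdentifier in a received AUTH payload.

    pss_params is an assumption for this example: a dict with 'hash',
    'mgf_hash' and 'salt_len' that real code would decode from the DER
    RSASSA-PSS-params; None means the parameters field was absent or empty.
    """
    if oid != OID_RSASSA_PSS:
        return SIG_POLICY.get(oid, "unlisted")
    if pss_params is None:
        return "MUST NOT"            # RSASSA-PSS with Empty Parameters
    if pss_params == PSS_DEFAULT_PARAMS:
        return "MUST NOT"            # RSASSA-PSS with Default Parameters
    if pss_params.get("hash") == "SHA2-256" and pss_params.get("mgf_hash") == "SHA2-256":
        return "MUST"                # RSASSA-PSS with SHA-256
    return "unlisted"


def accept_signature_algorithm(oid, pss_params=None):
    """Only MUST NOT rows are refused; the table is silent on other OIDs."""
    return signature_algorithm_status(oid, pss_params) != "MUST NOT"


if __name__ == "__main__":
    # Constructed peer notifications: a legacy peer listing SHA1 only, and a
    # current one listing SHA2-256 and SHA2-512.
    legacy = encode_hash_algorithms([SHA1])
    current = encode_hash_algorithms([SHA2_256, SHA2_512])
    print("we offer:", [HASH_NAMES[h] for h in local_offer()])
    print("legacy peer ->", select_hash(legacy))
    print("current peer ->", HASH_NAMES[select_hash(current)])
    print("sha1WithRSAEncryption accepted?", accept_signature_algorithm(OID_SHA1_RSA))
    print("PSS/SHA-256 accepted?", accept_signature_algorithm(
        OID_RSASSA_PSS, {"hash": "SHA2-256", "mgf_hash": "SHA2-256", "salt_len": 32}))
```

The two halves show the asymmetry in the message: the hash negotiation lets a SHA1-only peer be detected and refused before any signature is made, whereas the AlgorithmIdentifier check can only reject a signature after the peer has already chosen sha1WithRSAEncryption, which is why the table can be MUST NOT for the negotiated method but not for the legacy one.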