Re: Reducing the security bits for MD5 and SHA1 in TLS

2020-06-17 Thread Dr Paul Dale
I’d agree it’s major for SHA1 but not for MD5.


Pauli
-- 
Dr Paul Dale | Distinguished Architect | Cryptographic Foundations 
Phone +61 7 3031 7217
Oracle Australia




> On 18 Jun 2020, at 12:20 pm, Tim Hudson wrote:
> 
> Given that this change impacts interoperability in a major way it should be a 
> policy vote of the OMC IMHO.
> 
> Tim.
> 
> 
> On Thu, 18 Jun 2020, 5:57 am Kurt Roeckx wrote:
> On Wed, May 27, 2020 at 12:14:13PM +0100, Matt Caswell wrote:
> > PR 10787 proposed to reduce the number of security bits for MD5 and SHA1
> > in TLS (master branch only, i.e. OpenSSL 3.0):
> > 
> > https://github.com/openssl/openssl/pull/10787 
> > 
> > 
> > This would have the impact of meaning that TLS < 1.2 would not be
> > available in the default security level of 1. You would have to set the
> > security level to 0.
> > 
> > In my mind this feels like the right thing to do. The security bit
> > calculations should reflect reality, and if that means that TLS < 1.2 no
> > longer meets the policy for security level 1, then that is just the
> > security level doing its job. However this *is* a significant breaking
> > change and worthy of discussion. Since OpenSSL 3.0 is a major release it
> > seems that now is the right time to make such changes.
> > 
> > IMO it seems appropriate to have an OMC vote on this topic (or should it
> > be OTC?). Possible wording:
> 
> So should that be an OMC or OTC vote, or does it not need a vote?
> 
> 
> Kurt
> 



Re: Reducing the security bits for MD5 and SHA1 in TLS

2020-06-17 Thread Tim Hudson
Given that this change impacts interoperability in a major way it should be
a policy vote of the OMC IMHO.

Tim.


On Thu, 18 Jun 2020, 5:57 am Kurt Roeckx wrote:

> On Wed, May 27, 2020 at 12:14:13PM +0100, Matt Caswell wrote:
> > PR 10787 proposed to reduce the number of security bits for MD5 and SHA1
> > in TLS (master branch only, i.e. OpenSSL 3.0):
> >
> > https://github.com/openssl/openssl/pull/10787
> >
> > This would have the impact of meaning that TLS < 1.2 would not be
> > available in the default security level of 1. You would have to set the
> > security level to 0.
> >
> > In my mind this feels like the right thing to do. The security bit
> > calculations should reflect reality, and if that means that TLS < 1.2 no
> > longer meets the policy for security level 1, then that is just the
> > security level doing its job. However this *is* a significant breaking
> > change and worthy of discussion. Since OpenSSL 3.0 is a major release it
> > seems that now is the right time to make such changes.
> >
> > IMO it seems appropriate to have an OMC vote on this topic (or should it
> > be OTC?). Possible wording:
>
> So should that be an OMC or OTC vote, or does it not need a vote?
>
>
> Kurt
>
>


Re: Reducing the security bits for MD5 and SHA1 in TLS

2020-06-17 Thread Kurt Roeckx
On Wed, May 27, 2020 at 12:14:13PM +0100, Matt Caswell wrote:
> PR 10787 proposed to reduce the number of security bits for MD5 and SHA1
> in TLS (master branch only, i.e. OpenSSL 3.0):
> 
> https://github.com/openssl/openssl/pull/10787
> 
> This would have the impact of meaning that TLS < 1.2 would not be
> available in the default security level of 1. You would have to set the
> security level to 0.
> 
> In my mind this feels like the right thing to do. The security bit
> calculations should reflect reality, and if that means that TLS < 1.2 no
> longer meets the policy for security level 1, then that is just the
> security level doing its job. However this *is* a significant breaking
> change and worthy of discussion. Since OpenSSL 3.0 is a major release it
> seems that now is the right time to make such changes.
> 
> IMO it seems appropriate to have an OMC vote on this topic (or should it
> be OTC?). Possible wording:

So should that be an OMC or OTC vote, or does it not need a vote?


Kurt
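Matt Caswell's quoted message explains that, once MD5 and SHA1 count for fewer security bits, TLS < 1.2 no longer fits the default security level 1 and a deployment that still needs it has to opt down to level 0. The openssl.cnf fragment below, added here as an illustration and not part of the thread, shows where that knob lives: a system-wide default that keeps the level at 2 and pins TLS 1.2 as the floor, next to the explicit legacy section an operator would have to select deliberately. Section names (`ssl_sect`, `system_default_sect`, `legacy_sect`) are assumptions; the keys `CipherString`, `MinProtocol`, `system_default` and `ssl_conf` are OpenSSL's own.

```ini
# openssl.cnf fragment (illustrative, not from the thread)
openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
# Applied to every SSL_CTX created by applications that load this config.
system_default = system_default_sect

[system_default_sect]
# Recommended posture: security level 2 (112-bit minimum) and no protocol
# below TLS 1.2, so the MD5/SHA1-based PRF of TLS 1.0/1.1 is never offered.
CipherString = DEFAULT:@SECLEVEL=2
MinProtocol = TLSv1.2

[legacy_sect]
# Only for an application that has been explicitly pointed at this section
# (assumed section name). Level 0 is what the quoted message says would be
# required for TLS < 1.2 once the security bits are reduced; it disables the
# security-bit policy entirely, so scope it to the one client that needs it.
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = TLSv1
```

Applications that do not pass their own `SSL_CONF_CTX` section name inherit `system_default_sect`, so the legacy section is inert unless an application opts into it by name.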