Re: [TLS] Proposal to deprecate sha1 and md5 for digital signatures in TLS 1.2

2019-05-09 Thread Martin Thomson
It might pay to spend more time on explaining what you are trying to do. The goal appears to be to remove a dependency on signature schemes that include these weaker hash functions. But the introduction just says that the functions are bad. You should be very clear about what effect this has

Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1.1"

2019-05-09 Thread Martin Rex
Hubert Kario wrote: >On Wednesday, 8 May 2019 02:31:57 CEST Martin Rex wrote: >> Hubert Kario wrote: Thanks to Peter Gutmann for the summary: https://mailarchive.ietf.org/arch/msg/tls/g0MDCdZcHsvZefv4V8fssXMeEHs which you may have missed. >>> >>> yes, Joux paper also

[TLS] Proposal to deprecate sha1 and md5 for digital signatures in TLS 1.2

2019-05-09 Thread Loganaden Velvindron
Hi all, Following the recent thread on TLS 1.0 and TLS 1.1 deprecation, we came up with a proposal to deprecate md5 and sha1 for digital signatures in the TLS 1.2 spec. Please find the draft at this URL: https://tools.ietf.org/html/draft-lvelvindron-tls-md5-sha1-deprecate-03 We look forward to

Re: [TLS] I-D Action: draft-ietf-tls-tls13-cert-with-extern-psk-01.txt

2019-05-09 Thread Russ Housley
I received some editorial suggestions by private email during WG Last Call. This update implements those suggestions. Here is the URL for the diff: https://www.ietf.org/rfcdiff?url1=draft-ietf-tls-tls13-cert-with-extern-psk-00&url2=draft-ietf-tls-tls13-cert-with-extern-psk-01&difftype=--hwdiff

[TLS] I-D Action: draft-ietf-tls-tls13-cert-with-extern-psk-01.txt

2019-05-09 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Transport Layer Security WG of the IETF. Title : TLS 1.3 Extension for Certificate-based Authentication with an External Pre-Shared Key Author :

Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1.1"

2019-05-09 Thread Hubert Kario
On Wednesday, 8 May 2019 02:31:57 CEST Martin Rex wrote: > Hubert Kario wrote: > >> Thanks to Peter Gutmann for the summary: > >> https://mailarchive.ietf.org/arch/msg/tls/g0MDCdZcHsvZefv4V8fssXMeEHs > >> > >> which you may have missed. > > > > yes, Joux paper also shows that attacking

Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1.1"

2019-05-09 Thread Martin Thomson
On Thu, May 9, 2019, at 16:09, Peter Gutmann wrote: > You could just say "use SHA-2", which covers the whole family. Now in > practice "SHA-2" means "SHA-256" so it'll be the same as saying SHA-256 > directly, but the more generic SHA-2 leaves it open to interpretation for the > three people who

Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1.1"

2019-05-09 Thread Peter Gutmann
Benjamin Kaduk writes: >We'd probably want to wordsmith it a bit more, as there's not exactly a >strict ordering on hash function strength, and "minimum requirement" could be >taken to mean "MUST use SHA-256", which is presumably not the intent. You could just say "use SHA-2", which covers the