On Friday, 3 May 2019 19:30:38 CEST Peter Gutmann wrote:
> Benjamin Kaduk <bka...@akamai.com> writes:
> >I'll make the obligatory note that SHA-2 is fine
>
> Sure, and that was the really strange thing with TLS 1.2, why not just say
> SHA-2 or better only, rather than adding mechanisms that were much, much
> weaker than its predecessors? So the simple fix is just to use SHA-2 only
> for TLS 1.2.

I don't know as I wasn't there when that was discussed, but one reason could be the same as the problems we are facing now with RSA-PSS in TLS 1.3: smartcards and HSMs that are limited to old algorithms.

Also, don't forget that signature_algorithms, at least in theory[1], was supposed to also influence server certificate selection, and SHA-1 was used in the vast majority of certificates in PKI.

> >if someone does change their system, are really going to recommend they go
> >to TLS 1.0 with MD5||SHA1 rather than TLS 1.2 with SHA2?
>
> That would be one argument for an RFC, MUST SHA-2 only or MUST NOT MD5 and
> SHA-1 in 1.2. Which is pretty much what TLS-LTS says. Or at least it takes
> the SHA-2-suites-mandatory path which implies no MD5 or SHA-1, I guess I
> should also add an explicit MUST NOT MD5 and SHA-1.
>
> Having said that, given an RFC saying MUST NOT 1.0 and 1.1 which is what the
> original discussion was about, why not also add MUST NOT MD5 and SHA1 in
> TLS 1.2 to the text?

I've already suggested it with the draft authors, the conclusion was that it probably should be a separate RFC.

1 - while in practice one popular implementation actually used it as a "required" list – it would abort connections when the sigalg of the certificate it had wasn't included in the ClientHello

-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls