Hi,

Please find some comments.
Yours,
Daniel

Introduction

I would suggest a reference to RFC 6194 for the SHA-1 digest as well as for HMAC-SHA1.

I believe more text in the introduction may be needed to expose how the document impacts TLS 1.2. Typically, the impacted structure is HashAlgorithm. This structure is used by SignatureAndHashAlgorithm, which defines the Signature Algorithms extension and is included in messages such as CertificateRequest. In addition, a number of messages rely on this extension (ServerKeyExchange, CertificateVerify) and they will be impacted by the current document.

Updating the HashAlgorithm registry was caught in the previous version by updating the enum. While this is not the standard procedure to deprecate a registry entry, I believe the intention was there. I would rather suggest doing that in the IANA section.

Section 2:

I am wondering whether SHOULD NOT could be replaced by MUST NOT. On the one hand, deprecation should be smooth, but on the other hand I am reading that RFC 6194 and RFC 6151 already started the deprecation. I would rather favour MUST NOT. Maybe we also need to indicate that MD5 or SHA-1 are ignored by the receiver.

Section 3:

The section title maybe should be "Certificate Request" (without the 's'). Similarly to the previous section, I would suggest MUST NOT and specifying how the client would behave upon receiving MD5 or SHA-1 as hash.

I believe SHA-1 has been dropped in Sections 4 and 5.

Section 6:

The current RFC 5246 relies on default SHA-1 and MD5. To ease interoperability, I am wondering if we strongly recommend providing the signature algorithm extension in addition to the default SHA-256.

Section 7:

The new text is missing a capital letter: s/severs/Servers/. Unless I am missing something, I would limit the update to the scope of the draft and leave the sentence discussing the group unchanged. In the following paragraph, s/MUST not/MUST NOT/.
I believe the IANA section is missing: TLS HashAlgorithm should have the values

   1  md5   Y  [RFCTBD]
   2  sha1  Y  [RFCTBD]

Yours,
Daniel

On Tue, May 14, 2019 at 7:25 AM Hubert Kario <[email protected]> wrote:
> On Tuesday, 14 May 2019 08:34:38 CEST Loganaden Velvindron wrote:
> > Latest draft is here:
> > https://www.ietf.org/id/draft-lvelvindron-tls-md5-sha1-deprecate-04.txt
>
> why did you drop SHA-1 from Section 4 and 5?
>
> the note about SHA-1 in HMAC applies to ciphersuites, to state explicitly that
> ciphersuites like TLS_DHE_RSA_WITH_AES_128_CBC_SHA are _not_ deprecated by it
>
> SKE and CV don't use HMAC
>
> --
> Regards,
> Hubert Kario
> Senior Quality Engineer, QE BaseOS Security team
> Web: www.cz.redhat.com
> Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
> _______________________________________________
> TLS mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/tls
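The receiver behaviour discussed in Daniel's comments on Sections 2 and 3 (ignore MD5/SHA-1 entries in the signature_algorithms extension rather than merely discourage them), as an added worked example written for this page; it is not code from the draft, from RFC 5246, or from anyone in this thread. It uses the HashAlgorithm (md5 = 1, sha1 = 2, sha256 = 4, ...) and SignatureAlgorithm (rsa = 1, dsa = 2, ecdsa = 3) code points of RFC 5246 section 7.4.1.4.1 and the RFC 5246 fallback of {sha1, rsa} when a client sends no extension; the extension payload it parses is constructed inline, and the function names are the example's own.

```python
"""Filter MD5/SHA-1 entries out of a TLS 1.2 signature_algorithms extension.

Example code written for this page; not taken from the draft or RFC 5246.
"""
import struct
from typing import List, Tuple

# HashAlgorithm and SignatureAlgorithm code points, RFC 5246 section 7.4.1.4.1.
HASH_NAMES = {0: "none", 1: "md5", 2: "sha1", 3: "sha224",
              4: "sha256", 5: "sha384", 6: "sha512"}
SIG_NAMES = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}

# The two HashAlgorithm values the draft deprecates (md5 = 1, sha1 = 2).
DEPRECATED_HASHES = {1, 2}

# RFC 5246 behaviour when the client sends no signature_algorithms extension and
# the key exchange uses an RSA key: act as if {sha1, rsa} had been sent. Kept
# here only to show that the default itself is one of the deprecated values.
RFC5246_DEFAULT_RSA = (2, 1)

Pair = Tuple[int, int]


def build_signature_algorithms(pairs: List[Pair]) -> bytes:
    """Encode extension_data: uint16 length followed by (hash, sig) byte pairs."""
    body = b"".join(struct.pack("!BB", h, s) for h, s in pairs)
    return struct.pack("!H", len(body)) + body


def parse_signature_algorithms(ext_data: bytes) -> List[Pair]:
    """Decode extension_data into (HashAlgorithm, SignatureAlgorithm) pairs.

    A malformed length is rejected outright rather than silently truncated.
    """
    if len(ext_data) < 2:
        raise ValueError("extension_data shorter than its length field")
    (length,) = struct.unpack("!H", ext_data[:2])
    body = ext_data[2:]
    if length == 0 or length % 2 or length != len(body):
        raise ValueError("bad supported_signature_algorithms length")
    return [(body[i], body[i + 1]) for i in range(0, length, 2)]


def split_deprecated(pairs: List[Pair]) -> Tuple[List[Pair], List[Pair]]:
    """Return (accepted, ignored): md5/sha1 entries are ignored, order is kept."""
    accepted, ignored = [], []
    for pair in pairs:
        (ignored if pair[0] in DEPRECATED_HASHES else accepted).append(pair)
    return accepted, ignored


def name(pair: Pair) -> str:
    """Human-readable "hash/sig" label for a pair, e.g. sha256/rsa."""
    h, s = pair
    return f"{HASH_NAMES.get(h, f'hash({h})')}/{SIG_NAMES.get(s, f'sig({s})')}"


def choose_for_key(pairs: List[Pair], sig_id: int) -> Pair:
    """Server-side choice for ServerKeyExchange/CertificateVerify: the first
    non-deprecated entry matching the signing key's algorithm, in the peer's
    preference order. Raises if the peer offered nothing acceptable."""
    accepted, _ = split_deprecated(pairs)
    for pair in accepted:
        if pair[1] == sig_id:
            return pair
    raise ValueError(f"no acceptable hash offered for {SIG_NAMES.get(sig_id, sig_id)}")


# Constructed sample: a client that still lists md5/rsa and sha1/rsa ahead of sha256.
SAMPLE_EXT = build_signature_algorithms(
    [(1, 1), (2, 1), (2, 3), (4, 1), (4, 3), (5, 1)])

if __name__ == "__main__":
    offered = parse_signature_algorithms(SAMPLE_EXT)
    accepted, ignored = split_deprecated(offered)
    print("offered :", ", ".join(map(name, offered)))
    print("ignored :", ", ".join(map(name, ignored)))
    print("accepted:", ", ".join(map(name, accepted)))
    print("RSA key would sign with:", name(choose_for_key(offered, 1)))
    print("RFC 5246 default without the extension:", name(RFC5246_DEFAULT_RSA),
          "(deprecated)" if RFC5246_DEFAULT_RSA[0] in DEPRECATED_HASHES else "")
```

Only SignatureAndHashAlgorithm entries pass through this filter, which is the point Hubert makes below: the HMAC in a cipher suite such as TLS_DHE_RSA_WITH_AES_128_CBC_SHA is negotiated separately and is not touched by ignoring sha1 here.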
