Daniel, So the current proposal is that signature_algorithms is always included. I understand that with that in mind it might make sense to also remove the other text as well.
What do others think? spt > On Jul 30, 2021, at 12:25, Daniel Migault <mglt.i...@gmail.com> wrote: > > Hi, > > Just to sum, up my initial comment proposed to mention as being removed > remove the texts mentioned below. Since Sean mentioned that removing a text > with MUST can be problematic, for the first text we can also just explain > that in the context of this draft, the first text ends in being some dead > code. I would be interested to understand - and only for my personal > understanding - why removing a text with MUST is harder than a text with MAY. > > My understanding is that the current proposal is to remove the second text, > and that the case of the first text has not been concluded - of course unless > I am missing something. As a result, I think I hope we can converge for the > two texts and I am fine the first text being mentioned as removed or ending > as dead code. > > """ > If the client does not send the signature_algorithms extension, the > server MUST do the following: > - If the negotiated key exchange algorithm is one of (RSA, DHE_RSA, > DH_RSA, RSA_PSK, ECDH_RSA, ECDHE_RSA), behave as if client had > sent the value {sha1,rsa}. > > - If the negotiated key exchange algorithm is one of (DHE_DSS, > DH_DSS), behave as if the client had sent the value {sha1,dsa}. > > - If the negotiated key exchange algorithm is one of (ECDH_ECDSA, > ECDHE_ECDSA), behave as if the client had sent value {sha1,ecdsa}. > """ > > > """ > If the client supports only the default hash and signature algorithms > (listed in this section), it MAY omit the signature_algorithms > extension. > """ > > Yours, > Daniel > > On Fri, Jul 30, 2021 at 5:10 AM Hannes Tschofenig <hannes.tschofe...@arm.com> > wrote: > I have no problem with the suggestion. > > A few other observations: > > 1. FWIW: The reference to [Wang] is incomplete. > > 2. The references to the other papers use the websites of the authors or > project websites. I would use more stable references. > > 3. Kathleen's affiliation is also outdated. > > 4. Is the update to RFC 7525 relevant given that there is an update of RFC > 7525 in progress (see > https://datatracker.ietf.org/doc/html/draft-ietf-uta-rfc7525bis-01) and even > near completion? > > 5. The title of the draft gives the impression that this update only refers > to TLS 1.2 but later in the draft DTLS is also included via the reference to > RFC 7525. Should the title be changed to "Deprecating MD5 and SHA-1 signature > hashes in TLS/DTLS 1.2"? > > Ciao > Hannes > > -----Original Message----- > From: Iot-directorate <iot-directorate-boun...@ietf.org> On Behalf Of Russ > Housley > Sent: Wednesday, July 28, 2021 10:34 PM > To: Sean Turner <s...@sn3rd.com>; IETF TLS <tls@ietf.org> > Cc: iot-director...@ietf.org; draft-ietf-tls-md5-sha1-deprecate....@ietf.org; > last-c...@ietf.org > Subject: Re: [Iot-directorate] [TLS] [Last-Call] Iotdir last call review of > draft-ietf-tls-md5-sha1-deprecate-04 > > > In Section 7.1.4.1: the following text is removed: > > If the client supports only the default hash and signature algorithms > (listed in this section), it MAY omit the signature_algorithms > extension. > > > Since it’s a MAY, I am a-okay with deleting. Anybody else see harm? > > I don't see any harm. > > Russ > > -- > Iot-directorate mailing list > iot-director...@ietf.org > https://www.ietf.org/mailman/listinfo/iot-directorate > IMPORTANT NOTICE: The contents of this email and any attachments are > confidential and may also be privileged. If you are not the intended > recipient, please notify the sender immediately and do not disclose the > contents to any other person, use it for any purpose, or store or copy the > information in any medium. Thank you. > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > > > -- > Daniel Migault > Ericsson _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls