Re: [TLS] 3GPP forbids support of MD5, SHA-1, non-AEAD, and non-PFS in TLS
One comment. Perhaps some caution might be advised in light of the antitrust court order in /Trueposition v. Ericsson/. Ref. Order in Case No. 2:11-cv-4574, (U.S. E.D. Pa, 14 Jul 2014).

--amr

On 2020-03-06 7:02 PM, John Mattsson wrote:

> Hi,
>
> I am happy to report that 3GPP just took the decision to forbid support of MD5 and SHA-1, as well as all non-AEAD and non-PFS cipher suites in TLS. The changes apply to all Rel-16 3GPP systems that use TLS and DTLS, which are quite many.
>
> 3GPP had already mandated support of TLS 1.3, forbidden support of TLS 1.1, and mandated minimum key lengths of 2048 for RSA/FFDH and 255 for ECC. 3GPP will likely mandate support of DTLS 1.3 soon after it has been published.
>
> I hope this inspires other organisations to do the same.
>
> The changes [2][3] were approved today and an updated complete version of the new 3GPP TLS profile can be found here [1]. Any comments or suggestions on the 3GPP TLS profile are very welcome.
>
> Cheers,
> John
>
> [1] https://github.com/EricssonResearch/CBOR-certificates/raw/master/3GPP%20TLS%20Profile%206%20march%202020.pdf
>
> [2] http://www.3gpp.org/ftp/TSG_SA/WG3_Security/TSGS3_98e/Docs/S3-200332.zip
>
> [3] https://www.3gpp.org/ftp/tsg_sa/WG3_Security/TSGS3_98e/Inbox/Drafts/draft_S3-200333-r1.doc

___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
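The rules summarised in John Mattsson's announcement above (no MD5 or SHA-1, AEAD-only and PFS-only cipher suites, no TLS 1.1, minimum key sizes) can be expressed as a configuration audit. This is an added example, not part of the thread or of the 3GPP profile; the name-based classification, the function names and the sample configuration are assumptions made here.

```python
# Added example; rule details are assumptions drawn from the post's summary.
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20_POLY1305")
PFS_KEX = {"DHE", "ECDHE"}
FORBIDDEN_VERSIONS = {"TLSv1.1"}  # the only version the post names as forbidden
MIN_KEY_BITS = {"RSA": 2048, "FFDH": 2048, "ECC": 255}  # figures from the post

def audit_suite(name):
    """Return the rule violations for one IANA cipher-suite name."""
    body = name[4:] if name.startswith("TLS_") else name
    problems = []
    if "_WITH_" in body:
        kex, cipher = body.split("_WITH_", 1)
        if not PFS_KEX & set(kex.split("_")):
            problems.append("non-PFS key exchange (%s)" % kex)
    else:
        # TLS 1.3 names carry no key exchange; psk_ke mode needs its own check.
        cipher = body
    if not any(marker in cipher for marker in AEAD_MARKERS):
        problems.append("non-AEAD cipher")
    if cipher.rsplit("_", 1)[-1] in ("MD5", "SHA"):  # bare "SHA" means SHA-1
        problems.append("MD5 or SHA-1 MAC")
    return problems

def audit_key(kind, bits):
    """kind is 'RSA', 'FFDH' or 'ECC'; bits is the key or group size."""
    minimum = MIN_KEY_BITS[kind]
    return [] if bits >= minimum else ["%s %d bits, minimum %d" % (kind, bits, minimum)]

def audit_endpoint(config):
    """Map each offending item of a config dict to its list of violations."""
    report = {suite: audit_suite(suite) for suite in config["suites"]}
    report["versions"] = ["forbidden protocol version " + v
                          for v in config["versions"] if v in FORBIDDEN_VERSIONS]
    report["key"] = audit_key(*config["key"])
    return {item: found for item, found in report.items() if found}

# Constructed sample configuration, not taken from any real deployment.
SAMPLE = {
    "versions": ["TLSv1.1", "TLSv1.2", "TLSv1.3"],
    "suites": ["TLS_AES_128_GCM_SHA256",
               "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
               "TLS_RSA_WITH_AES_256_GCM_SHA384",
               "TLS_RSA_WITH_RC4_128_MD5"],
    "key": ("RSA", 1024),
}

if __name__ == "__main__":
    for item, found in audit_endpoint(SAMPLE).items():
        print(item, "->", "; ".join(found))
```

Signature algorithms and certificate hashes are negotiated outside the cipher-suite name, so an MD5 or SHA-1 signature would need a separate check on the certificate chain and the signature_algorithms extension.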
[TLS] I-D Action: draft-ietf-tls-dtls13-35.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Transport Layer Security WG of the IETF.

Title    : The Datagram Transport Layer Security (DTLS) Protocol Version 1.3
Authors  : Eric Rescorla
           Hannes Tschofenig
           Nagendra Modadugu
Filename : draft-ietf-tls-dtls13-35.txt
Pages    : 53
Date     : 2020-03-07

Abstract:
This document specifies Version 1.3 of the Datagram Transport Layer Security (DTLS) protocol. DTLS 1.3 allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.

The DTLS 1.3 protocol is intentionally based on the Transport Layer Security (TLS) 1.3 protocol and provides equivalent security guarantees with the exception of order protection/non-replayability. Datagram semantics of the underlying transport are preserved by the DTLS protocol.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-tls-dtls13/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-tls-dtls13-35
https://datatracker.ietf.org/doc/html/draft-ietf-tls-dtls13-35

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-dtls13-35

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
[TLS] draft-ietf-tls-dtls13-35
Hi folks,

I have just submitted -35. This makes the following notable changes:

- Fix contradictory text around the legacy cookie field by requiring it to be empty.
- Note that you can't ACK records unless you are processing the contents (as noted by Hanno).

It also fixes a few editorial problems around the AAD and the figures.

-Ekr
[TLS] I-D Action: draft-ietf-tls-semistatic-dh-01.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Transport Layer Security WG of the IETF.

Title    : Semi-Static Diffie-Hellman Key Establishment for TLS 1.3
Authors  : Eric Rescorla
           Nick Sullivan
           Christopher A. Wood
Filename : draft-ietf-tls-semistatic-dh-01.txt
Pages    : 7
Date     : 2020-03-07

Abstract:
TLS 1.3 [RFC8446] specifies a signed Diffie-Hellman exchange modelled after SIGMA [SIGMA]. This design is suitable for endpoints whose certified credential is a signing key, which is the common situation for current TLS servers. This document describes a mode of TLS 1.3 in which one or both endpoints have a certified DH key which is used to authenticate the exchange.

Note to Readers
Source for this draft and an issue tracker can be found at https://github.com/ekr/draft-rescorla-tls13-semistatic-dh.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-tls-semistatic-dh/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-tls-semistatic-dh-01
https://datatracker.ietf.org/doc/html/draft-ietf-tls-semistatic-dh-01

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-semistatic-dh-01

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
Re: [TLS] I-D Action: draft-ietf-tls-semistatic-dh-01.txt
Among editorial changes, this update removes key schedule injection. The resulting design still requires formal analysis, though we don’t expect much more to change at this point.

Please have a look and provide feedback.

Thanks!
Chris (no hat)

On 7 Mar 2020, at 15:45, internet-dra...@ietf.org wrote:

> A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Transport Layer Security WG of the IETF.
>
> Title    : Semi-Static Diffie-Hellman Key Establishment for TLS 1.3
> Authors  : Eric Rescorla
>            Nick Sullivan
>            Christopher A. Wood
> Filename : draft-ietf-tls-semistatic-dh-01.txt
> Pages    : 7
> Date     : 2020-03-07
>
> Abstract:
> TLS 1.3 [RFC8446] specifies a signed Diffie-Hellman exchange modelled after SIGMA [SIGMA]. This design is suitable for endpoints whose certified credential is a signing key, which is the common situation for current TLS servers. This document describes a mode of TLS 1.3 in which one or both endpoints have a certified DH key which is used to authenticate the exchange.
>
> Note to Readers
> Source for this draft and an issue tracker can be found at https://github.com/ekr/draft-rescorla-tls13-semistatic-dh.
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-tls-semistatic-dh/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-tls-semistatic-dh-01
> https://datatracker.ietf.org/doc/html/draft-ietf-tls-semistatic-dh-01
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-semistatic-dh-01
>
> Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
Re: [TLS] 3GPP forbids support of MD5, SHA-1, non-AEAD, and non-PFS in TLS
In article you write:
>One comment. Perhaps some caution might be advised in light of the
>antitrust court order in /Trueposition v. Ericsson/. Ref. Order in Case
>No. 2:11-cv-4574, (U.S. E.D. Pa, 14 Jul 2014).

That's a single page dismissing 3GPP from the case. Really?

https://ia800306.us.archive.org/15/items/gov.uscourts.paed.426719/gov.uscourts.paed.426719.296.0.pdf

R's,
John

>On 2020-03-06 7:02 PM, John Mattsson wrote:
>> Hi,
>>
>> I am happy to report that 3GPP just took the decision to forbid support of MD5 and SHA-1, as well as all non-AEAD and non-PFS cipher suites in TLS. The changes apply to all Rel-16 3GPP systems that use TLS and DTLS, which are quite many.
>>
>> 3GPP had already mandated support of TLS 1.3, forbidden support of TLS 1.1, and mandated minimum key lengths of 2048 for RSA/FFDH and 255 for ECC. 3GPP will likely mandate support of DTLS 1.3 soon after it has been published.
>>
>> I hope this inspires other organisations to do the same.
>>
>> The changes [2][3] were approved today and an updated complete version of the new 3GPP TLS profile can be found here [1]. Any comments or suggestions on the 3GPP TLS profile are very welcome.
>>
>> Cheers,
>> John
>>
>> [1] https://github.com/EricssonResearch/CBOR-certificates/raw/master/3GPP%20TLS%20Profile%206%20march%202020.pdf
>>
>> [2] http://www.3gpp.org/ftp/TSG_SA/WG3_Security/TSGS3_98e/Docs/S3-200332.zip
>>
>> [3] https://www.3gpp.org/ftp/tsg_sa/WG3_Security/TSGS3_98e/Inbox/Drafts/draft_S3-200333-r1.doc
[TLS] Weekly github digest (TLS Working Group Drafts)
Issues
------
* tlswg/draft-ietf-tls-esni (+0/-1/💬3)
  3 issues received 3 new comments:
  - #183 Clarification on repeated extensions in ESNIRecord and ESNIKeys (1 by chris-wood)
    https://github.com/tlswg/draft-ietf-tls-esni/issues/183
  - #145 Adopt HPKE (1 by chris-wood)
    https://github.com/tlswg/draft-ietf-tls-esni/issues/145 [needs WG discussion]
  - #121 Can the ESNI values change upon HRR? (1 by chris-wood)
    https://github.com/tlswg/draft-ietf-tls-esni/issues/121 [needs WG discussion]

  1 issues closed:
  - Clarification on repeated extensions in ESNIRecord and ESNIKeys
    https://github.com/tlswg/draft-ietf-tls-esni/issues/183

* tlswg/dtls13-spec (+0/-3/💬0)
  3 issues closed:
  - Additional data definition is broken
    https://github.com/tlswg/dtls13-spec/issues/116
  - Fix Figure 11
    https://github.com/tlswg/dtls13-spec/issues/114
  - legacy cookie field
    https://github.com/tlswg/dtls13-spec/issues/118 [pr-exists]

Pull requests
-------------
* tlswg/draft-ietf-tls-semistatic-dh (+1/-2/💬0)
  1 pull requests submitted:
  - Ekr cleanup (by chris-wood)
    https://github.com/tlswg/draft-ietf-tls-semistatic-dh/pull/8

  2 pull requests merged:
  - Ekr cleanup
    https://github.com/tlswg/draft-ietf-tls-semistatic-dh/pull/8
  - Remove changes to the key schedule.
    https://github.com/tlswg/draft-ietf-tls-semistatic-dh/pull/7

* tlswg/draft-ietf-tls-esni (+1/-0/💬3)
  1 pull requests submitted:
  - ESNI -> ECHO (by chris-wood)
    https://github.com/tlswg/draft-ietf-tls-esni/pull/207

  3 pull requests received 3 new comments:
  - #196 Tunnel version (1 by chris-wood)
    https://github.com/tlswg/draft-ietf-tls-esni/pull/196
  - #159 Clarify how anti-replay protection is achieved (1 by chris-wood)
    https://github.com/tlswg/draft-ietf-tls-esni/pull/159
  - #122 Add CertificateVerify to padding recommendation (1 by chris-wood)
    https://github.com/tlswg/draft-ietf-tls-esni/pull/122

* tlswg/draft-ietf-tls-ticketrequest (+0/-0/💬1)
  1 pull requests received 1 new comments:
  - #18 Ticket request with separate resumption and new_session counts. (1 by vdukhovni)
    https://github.com/tlswg/draft-ietf-tls-ticketrequest/pull/18

* tlswg/tls-flags (+0/-1/💬0)
  1 pull requests merged:
  - Add IANA expert guidance
    https://github.com/tlswg/tls-flags/pull/3

* tlswg/dtls13-spec (+4/-6/💬0)
  4 pull requests submitted:
  - Fix figure 11. Fixes #114 (by ekr)
    https://github.com/tlswg/dtls13-spec/pull/122
  - Clarify that you can't ACK records containing stuff you haven't proce… (by ekr)
    https://github.com/tlswg/dtls13-spec/pull/121
  - Clarify AAD (by ekr)
    https://github.com/tlswg/dtls13-spec/pull/120
  - Zero length cookies must be used. Fixes #118 (by ekr)
    https://github.com/tlswg/dtls13-spec/pull/119

  6 pull requests merged:
  - Clarify that you can't ACK records containing stuff you haven't proce…
    https://github.com/tlswg/dtls13-spec/pull/121
  - Fix figure 11. Fixes #114
    https://github.com/tlswg/dtls13-spec/pull/122
  - Clarify AAD
    https://github.com/tlswg/dtls13-spec/pull/120
  - Zero length cookies must be used. Fixes #118
    https://github.com/tlswg/dtls13-spec/pull/119
  - Added Clarification regarding the message_seqnr use
    https://github.com/tlswg/dtls13-spec/pull/117
  - Reference update
    https://github.com/tlswg/dtls13-spec/pull/115

Repositories tracked by this digest:
------------------------------------
* https://github.com/tlswg/draft-ietf-tls-semistatic-dh
* https://github.com/tlswg/draft-ietf-tls-md5-sha1-deprecate
* https://github.com/tlswg/draft-ietf-tls-esni
* https://github.com/tlswg/certificate-compression
* https://github.com/tlswg/draft-ietf-tls-external-psk-importer
* https://github.com/tlswg/draft-ietf-tls-ticketrequest
* https://github.com/tlswg/tls-flags
* https://github.com/tlswg/dtls13-spec
* https://github.com/tlswg/dtls-conn-id
* https://github.com/tlswg/tls-subcerts
* https://github.com/tlswg/oldversions-deprecate
* https://github.com/tlswg/sniencryption
* https://github.com/tlswg/tls-exported-authenticator
* https://github.com/tlswg/draft-ietf-tls-grease