It might pay to spend more time on explaining what you are trying to do. The goal appears to be to remove a dependency on signature schemes that include these weaker hash functions. But the introduction just says that the functions are bad.
You should be very clear about what effect this has on the use of SHA-1 in HMAC for record protection. It looks like you don't intend to deprecate that. Say that.

The change to the enum is silly. Overall, I think that the updates to 5246 are unnecessary. Concentrate on 7525.

The 7525 text starts with "When using RSA", so it could be read to not apply to ECDSA. That would be a mistake. I recommend splitting the paragraph into talking about the group size (the first sentence) and a separate paragraph on hash functions used as part of the signing process. As part of that, this probably needs to be a MUST: "Clients SHOULD indicate to servers that they request SHA-256, by using the "Signature Algorithms" extension defined in TLS 1.2."

And then I think we should publish something. Like David, I'm acutely aware of the compatibility hazard that this presents, but it's no less worth doing.

On Fri, May 10, 2019, at 00:12, Loganaden Velvindron wrote:
> Hi all,
>
> Following the recent thread on TLS 1.0 and TLS 1.1 deprecation, we
> came up with a proposal to deprecate md5 and sha1 for digital
> signatures in the TLS 1.2 spec.
>
> Please find the draft at this url:
> https://tools.ietf.org/html/draft-lvelvindron-tls-md5-sha1-deprecate-03
>
> We look forward to your feedback.
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
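The distinction the reply draws, between the hash used inside signatures (the draft's scope, covering RSA and ECDSA alike) and HMAC-SHA1 used for record protection (out of scope), can be checked mechanically on a client's TLS 1.2 signature_algorithms extension. The following is an added example, not code from the draft or the thread; the code points follow RFC 5246 section 7.4.1.4.1, and the sample extension body is constructed for illustration.

```python
# Added example (not from the draft or the thread): audit the TLS 1.2
# signature_algorithms extension a client offers for MD5/SHA-1 signature
# hashes. Code points per RFC 5246 7.4.1.4.1; SAMPLE_BODY is constructed.
import struct

HASH_NAMES = {0: "none", 1: "md5", 2: "sha1", 3: "sha224",
              4: "sha256", 5: "sha384", 6: "sha512"}
SIG_NAMES = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}
# Only the hash used in signatures is in scope here; HMAC-SHA1 record
# protection (the "_SHA" in cipher suite names) is a separate question.
DEPRECATED_SIGNATURE_HASHES = {"md5", "sha1"}


def parse_signature_algorithms(body: bytes):
    """Parse extension_data of signature_algorithms (extension type 13).

    Layout: 2-byte length, then SignatureAndHashAlgorithm pairs of
    {hash(1), signature(1)}. Returns (hash_name, signature_name) tuples.
    """
    if len(body) < 2:
        raise ValueError("truncated supported_signature_algorithms length")
    (length,) = struct.unpack("!H", body[:2])
    if length % 2 or len(body) != 2 + length:
        raise ValueError("supported_signature_algorithms length mismatch")
    pairs = []
    for off in range(2, 2 + length, 2):
        h, s = body[off], body[off + 1]
        pairs.append((HASH_NAMES.get(h, f"hash({h})"),
                      SIG_NAMES.get(s, f"sig({s})")))
    return pairs


def audit_signature_algorithms(body: bytes):
    """Report offered pairs and those using a deprecated hash, regardless
    of whether the signature algorithm is RSA, DSA or ECDSA."""
    offered = parse_signature_algorithms(body)
    deprecated = [f"{h}+{s}" for h, s in offered
                  if h in DEPRECATED_SIGNATURE_HASHES]
    return {"offered": [f"{h}+{s}" for h, s in offered],
            "deprecated": deprecated,
            "ok": not deprecated}


# Constructed ClientHello extension body offering sha256/rsa, sha256/ecdsa,
# sha1/rsa, sha1/ecdsa and md5/rsa.
SAMPLE_BODY = bytes.fromhex("000a" "0401" "0403" "0201" "0203" "0101")

if __name__ == "__main__":
    print(audit_signature_algorithms(SAMPLE_BODY))
```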