On Friday, 10 May 2019 00:24:49 CEST Martin Rex wrote: > Hubert Kario <hka...@redhat.com> wrote: > > MD5 was deprecated and removed by basically every library > > and can't be used in TLS 1.2, I specifically meant SHA1 > > MD5 deprecated ? Nope, glaring emtpy: > https://www.rfc-editor.org/errata_search.php?rfc=5246 > > MD5 removed ? Mostly, but several implementors had to be prodded with > with CVE-2015-7575 (SLOTH) to remove it.
I meant in practice > The real issue at hand is: > > Prohibiting TLSv1.0 and TLSv1.1 is going to result in lots of > interop problems, while at the same time providing *ZERO* > security benefit. that's your opinion, not an established fact > The installed base of software which is limited to TLSv1.0 > for outgoing TLS-protected communication is huge. > > > What *WOULD* provide *HUGE* benefit, would be to remove the > dangerous "protocol version downgrade dance" from careless applications, > that is the actual problem known as POODLE, because this subverts the > cryptographic procection of the TLS handshake protocol. > > We've known this downgrade dance to be a problem since the discussion > of what became rfc5746. Prohibiting automatic protoocol version > downgrade dances is going to ensure that two communication peers > that support TLSv1.2 will not negotiate a lower TLS protocol version. which exact piece of popular software actually still does that? It ain't curl, it ain't Chrome, it ain't Firefox. It also isn't something done automatically by any TLS implementation that's even remotely popular: OpenSSL, NSS, GnuTLS, schannel, Secure Transport, go... > If applications doing downgrade dances had at least a basic amount > of risk management, and would refuse to perform an unlimited amount > of downgrades automatically and secretly, then everyone would be > much better of. > > I've seen web browsers doing this entirely without risk management, > and wasn't there some Java class which also did this? > > > > And PLEASE stop unconditionally bashing SHA-1 that's a strawman, I was talking about SHA-1 signatures -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
