To close the loop on this, the chairs think this draft should remain solely focused on deprecating legacy TLS versions, not legacy hash functions. Algorithm deprecation may happen elsewhere, be it in draft-lvelvindron-tls-md5-sha1-deprecate or another draft.
Best, Chris, Joe, and Sean On Mon, May 20, 2019, at 2:29 AM, Peter Gutmann wrote: > Martin Rex <m...@sap.com> writes: > > >BEAST is an attack against Web Browsers (and the abuse known as SSL-VPNs), it > >is *NO* attack against TLS > > That actually applies to an awful lot of recent attacks on TLS - they're > attacks that rely on web software that's actively cooperating with the > attacker, not attacks on TLS per se. Similar issues affect numerous attacks > on CMS (branded as S/MIME in email) and OpenPGP, they require mail software > that actively cooperates with the attacker. > > For any new attack on a protocol like TLS, you really need a three-stage > summary of what's vulnerable: > > 1. Web-based use of TLS: Pretty much everything. > 2. Non-web-based use of TLS: Very little. > 3. Non-web-based with a few basic mitigations (EMS, EtM): Nothing, or > close to it. > > Peter. > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
