One comment. Perhaps some caution might be advised in light of the
antitrust court order in /Trueposition v. Ericsson/. Ref. Order in Case
No. 2:11-cv-4574, (U.S. E.D. Pa, 14 Jul 2014).
--amr
On 2020-03-06 7:02 PM, John Mattsson wrote:
Hi,
I am happy to report that 3GPP just took the decision to forbid support of MD5
and SHA-1, as well as all non-AEAD and non-PFS cipher suites in TLS. The
changes apply to all Rel-16 3GPP systems that use TLS and DTLS, which are quite
many.
3GPP had already mandaded support of TLS 1.3, forbidden support of TLS 1.1, and
mandated minimum key lengths of 2048 for RSA/FFDH and 255 for ECC. 3GPP will
likely mandate support of DTLS 1.3 soon after it has been published.
I hope this inspire other organisations to do the same.
The changes [2][3] were approved today and an updated complete version of the
new 3GPP TLS profile can be found here [1]. Any comments or suggestions on the
3GPP TLS profile are very welcome.
Cheers,
John
[1]
https://github.com/EricssonResearch/CBOR-certificates/raw/master/3GPP%20TLS%20Profile%206%20march%202020.pdf
[2] http://www.3gpp.org/ftp/TSG_SA/WG3_Security/TSGS3_98e/Docs/S3-200332.zip
[3]
https://www.3gpp.org/ftp/tsg_sa/WG3_Security/TSGS3_98e/Inbox/Drafts/draft_S3-200333-r1.doc
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
