On Sat, Nov 23, 2019 at 05:32:36PM +0100, Karthik Bhargavan wrote:
> This is a bit of a shameless plug, but I think it is important to cite papers
> that show that the use of weak hash functions for TLS signatures is actually
> exploitable.
>
> As far as I know, the last round of deprecating MD5 in TLS signatures was
> triggered by the SLOTH attack:
>
> https://www.mitls.org/pages/attacks/SLOTH
>
> The associated paper explains how weak hash functions can allow an attacker
> to break protocols like TLS, SSH, etc.
>
> https://www.mitls.org/downloads/transcript-collisions.pdf
>
> This probably deserves to be added to the references of this draft.
>
> @inproceedings{BhargavanL16,
>   author    = {Karthikeyan Bhargavan and Gaetan Leurent},
>   title     = {Transcript Collision Attacks: Breaking Authentication in TLS,
>                IKE, and SSH},
>   booktitle = {Proceedings of the {ISOC} Network and Distributed System
>                Security Symposium ({NDSS} '16)},
>   month     = {Feb},
>   year      = {2016},
>   url       = {http://www.mitls.org/downloads/transcript-collisions.pdf}
> }
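The mechanism behind the attack class cited above, as an added toy illustration that is not part of the original message, the SLOTH paper, or the draft: a handshake signature only ever covers H(transcript), so if an attacker can find two different transcripts with the same digest, the signature an honest client produced over the transcript it actually saw also verifies over a second transcript the attacker chose. The real attacks need chosen-prefix collisions on MD5 or SHA-1; here the hash is SHA-256 truncated to 24 bits so a plain birthday search finishes in well under a second, the "signature" is an HMAC stand-in (the signature scheme is irrelevant, it only sees the digest), and the transcript strings and key are constructed sample data.

```python
"""Toy transcript-collision demonstration (added example, not from the paper or draft).

Assumptions, all constructed for illustration:
  - weak_hash: SHA-256 truncated to 24 bits, standing in for a broken hash
  - sign/verify: HMAC over the transcript digest, standing in for a signature scheme
  - transcripts: short constructed byte strings, not real TLS handshake encodings
"""
import hashlib
import hmac

WEAK_HASH_BITS = 24  # deliberately tiny so a birthday search is cheap


def weak_hash(data: bytes, bits: int = WEAK_HASH_BITS) -> bytes:
    """Truncated SHA-256; the only property relied on is 'collisions are cheap'."""
    return hashlib.sha256(data).digest()[: bits // 8]


def sign(signing_key: bytes, transcript: bytes) -> bytes:
    """Stand-in for a handshake signature. Structurally, like any real scheme,
    it is computed over H(transcript), never over the transcript itself."""
    return hmac.new(signing_key, weak_hash(transcript), "sha256").digest()


def verify(signing_key: bytes, transcript: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(signing_key, transcript), sig)


def find_transcript_collision(prefix_a: bytes, prefix_b: bytes,
                              bits: int = WEAK_HASH_BITS,
                              table_size: int = 1 << 14,
                              max_probes: int = 1 << 22):
    """Birthday search for A = prefix_a || x and B = prefix_b || y with
    weak_hash(A) == weak_hash(B). The suffixes model attacker-controlled
    handshake fields (random values, padding) that honest peers do not check."""
    table = {}
    for i in range(table_size):
        a = prefix_a + b"|rand_a=" + i.to_bytes(4, "big")
        table.setdefault(weak_hash(a, bits), a)
    for j in range(max_probes):
        b = prefix_b + b"|rand_b=" + j.to_bytes(4, "big")
        a = table.get(weak_hash(b, bits))
        if a is not None and a != b:
            return a, b
    raise RuntimeError("no collision found; raise max_probes or lower bits")


def run_demo() -> dict:
    # Constructed views of one man-in-the-middle handshake: what the honest client
    # sees (talking to the attacker) and what the honest server sees (talking to
    # the attacker). Only the key-exchange value differs; the attacker chooses the
    # trailing random field on both sides to force equal digests.
    client_view_prefix = b"ClientHello|ServerHello|ServerKeyExchange:g^x_attacker"
    server_view_prefix = b"ClientHello|ServerHello|ServerKeyExchange:g^x_server"
    client_transcript, server_transcript = find_transcript_collision(
        client_view_prefix, server_view_prefix)

    client_key = b"constructed-client-signing-key"  # stand-in for the client's private key
    # The client honestly signs the transcript it actually saw ...
    sig = sign(client_key, client_transcript)
    # ... and the attacker relays that signature to the server alongside the
    # server's own, different, transcript.
    return {
        "transcripts_differ": client_transcript != server_transcript,
        "digests_equal": weak_hash(client_transcript) == weak_hash(server_transcript),
        "server_accepts_relayed_signature": verify(client_key, server_transcript, sig),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

With a 24-bit digest the search needs on the order of 2^12 hash evaluations; the same code with `bits=256` would never return, which is exactly the gap between a sound hash and one for which collisions are practical. The negotiation fix the draft pursues (refusing MD5 and SHA-1 in `signature_algorithms`) removes the weak `weak_hash` from the construction rather than trying to detect the collision after the fact.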
Thanks, I made https://github.com/tlswg/draft-ietf-tls-md5-sha1-deprecate/pull/6
to add a reference to this paper as well.

Cheers

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls