Roman,

Thanks for your review. Some comments inline.

spt

> On Oct 2, 2020, at 19:42, Roman Danyliw <r...@cert.org> wrote:
>
> Hi!
>
> I've assumed the role of responsible AD on this document. As such, I
> performed an AD review of draft-ietf-tls-md5-sha1-deprecate-03.
>
> Thanks for writing this document to address an important crypto maintenance
> task in TLS v1.2. I have a few clarifying and pro forma editorial items of
> feedback.
>
> ** Please address the following IDNits:
>
> -- The document seems to lack an IANA Considerations section. (See Section
> 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
> when there are no actions for IANA.)

Addressed via:
https://github.com/tlswg/draft-ietf-tls-md5-sha1-deprecate/pull/7

Comments about one below, but the remaining are addressed via:
https://github.com/tlswg/draft-ietf-tls-md5-sha1-deprecate/pull/8

> -- The draft header indicates that this document updates RFC5246, but the
> abstract doesn't seem to mention this, which it should.
>
> -- The draft header indicates that this document updates RFC7525, but the
> abstract doesn't seem to mention this, which it should.
>
> ** Section 1. Editorial.
> -- s/RFC 5246 [RFC5246]/[RFC5246]/
>
> -- s/RFC 6151 [RFC6151]/[RFC6151]/
>
> -- s/RFC7525 [RFC7525]/[RFC7525]/
>
> ** Section 1. Editorial. For symmetry with the rest of the text:
>
> OLD
> RFC 6151 [RFC6151]
> details the security considerations, including collision attacks for
> MD5, published in 2011.
>
> NEW
> In 2011, [RFC6151] detailed the security considerations, including collision
> attacks for MD5.
>
> ** Section 1. Please provide a reference for "Wang, et al". Is there a
> reference to provide for the "the potential for brute-force attack"

For the Wang attack we used the following reference when updating the SHA-0
and SHA-1 considerations. I put it where the collisions are first noted. I am
unsure if it’s the latest and greatest:

Wang, X., Yin, Y., and H. Yu., "Finding Collisions in the Full SHA-1",
Crypto 2005.

<rant: I am not entirely sure I did the XML right for the reference.>

I am not sure there is a reference for the brute force potential attack, but
somebody correct me if I am wrong. The way I see it, if you know the collision
space is much smaller, well, you might launch said attack.

In s1.1, I also updated the paragraph to use the new paragraph and fixed the
references.

> ** Section 6. Editorial Nit. s/RFC5246 [RFC5246]/[RFC5246]/
>
> ** Section 6. Move the text "In Section 7.4.1.4.1: the text should be
> revised from" out of the "OLD" block of text to be its own intro paragraph so
> that the OLD vs. NEW is a clear cut-and-paste.
>
> ** Section 7. Editorial. s/ RFC7525 [RFC7525]/[RFC7525]/
>
> ** Section 7. SHA-1 is also not mentioned in RFC7525. Recommend:
>
> OLD
> The prior text did not explicitly include
> MD5 and this text adds it to ensure it is understood as having been
> deprecated.
>
> NEW
> The prior text did not explicitly include MD5 or SHA-1; and this text adds
> guidance to ensure that these algorithms have been deprecated.
>
> ** Section 7. Editorial. Grammar.
>
> OLD
> In addition, the use of the SHA-256 hash algorithm is RECOMMENDED,
> SHA-1 or MD5 MUST NOT be used
>
> NEW
> In addition, the use of the SHA-256 hash algorithm is RECOMMENDED; and SHA-1
> or MD5 MUST NOT be used
>
> ** Section 10.2 Please make RFC5246 a normative reference.
>
> Regards,
> Roman
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
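As an added example (not part of this thread or of the draft), a small Python checker that parses the body of a TLS 1.2 signature_algorithms extension (the RFC 5246 Section 7.4.1.4.1 structure the draft updates) and reports any pairs whose hash is MD5 or SHA-1, the values the new text says MUST NOT be used. The sample ClientHello bytes are constructed for illustration, not captured from a real handshake.

```python
"""Audit a TLS 1.2 signature_algorithms extension body for MD5/SHA-1 entries."""
import struct
from typing import List, Tuple

# Code points from RFC 5246 Section 7.4.1.4.1 (HashAlgorithm / SignatureAlgorithm).
HASH_NAMES = {0: "none", 1: "md5", 2: "sha1", 3: "sha224", 4: "sha256",
              5: "sha384", 6: "sha512"}
SIG_NAMES = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}
DEPRECATED_HASH_IDS = {1, 2}  # md5 and sha1: the hashes the draft deprecates


def parse_signature_algorithms(body: bytes) -> List[Tuple[str, str]]:
    """Parse supported_signature_algorithms<2..2^16-2>: a 2-byte length prefix
    followed by SignatureAndHashAlgorithm {hash, signature} byte pairs.

    Returns [(hash_name, sig_name), ...]; raises ValueError on a malformed body
    (short or odd length, or a length prefix that disagrees with the payload).
    """
    if len(body) < 2:
        raise ValueError("body too short for the 2-byte length prefix")
    (length,) = struct.unpack("!H", body[:2])
    pairs = body[2:]
    if length != len(pairs) or length < 2 or length % 2:
        raise ValueError(f"bad supported_signature_algorithms length {length}")
    return [(HASH_NAMES.get(pairs[i], f"hash({pairs[i]})"),
             SIG_NAMES.get(pairs[i + 1], f"sig({pairs[i + 1]})"))
            for i in range(0, length, 2)]


def deprecated_entries(body: bytes) -> List[Tuple[str, str]]:
    """Return the parsed pairs whose hash is md5 or sha1."""
    names = {HASH_NAMES[h] for h in DEPRECATED_HASH_IDS}
    return [p for p in parse_signature_algorithms(body) if p[0] in names]


def is_compliant(body: bytes) -> bool:
    """True when no MD5 or SHA-1 pair is offered."""
    return not deprecated_entries(body)


# Constructed sample (not a real capture): a ClientHello offering
# sha256/rsa (0x0401), sha1/rsa (0x0201), md5/rsa (0x0101), sha256/ecdsa (0x0403).
SAMPLE_BODY = bytes([0x00, 0x08, 0x04, 0x01, 0x02, 0x01, 0x01, 0x01, 0x04, 0x03])

if __name__ == "__main__":
    for hash_name, sig_name in deprecated_entries(SAMPLE_BODY):
        print(f"deprecated: {hash_name}/{sig_name}")
    print("compliant" if is_compliant(SAMPLE_BODY) else "non-compliant")
```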