On Friday, 3 September 2021 18:00:12 CEST, internet-dra...@ietf.org wrote:
A New Internet-Draft is available from the on-line
Internet-Drafts directories.
This draft is a work item of the Transport Layer Security WG of the IETF.
Title : Deprecating MD5 and SHA-1 signature hashes in (D)TLS 1.2
Authors : Loganaden Velvindron
Kathleen Moriarty
Alessandro Ghedini
Filename : draft-ietf-tls-md5-sha1-deprecate-08.txt
Pages : 6
Date : 2021-09-03
Abstract:
The MD5 and SHA-1 hashing algorithms are increasingly vulnerable to
attack and this document deprecates their use in TLS 1.2 digital
signatures. However, this document does not deprecate SHA-1 in HMAC
for record protection. This document updates RFC 5246.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-tls-md5-sha1-deprecate/
There is also an htmlized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-tls-md5-sha1-deprecate-08
Servers SHOULD NOT include MD5 and SHA-1 in CertificateRequest
messages.
Clients MUST NOT include MD5 and SHA-1 in CertificateVerify messages.
If a server receives a CertificateVerify message with MD5 or SHA-1 it
MUST abort the connection with handshake_failure or
insufficient_security alert.
As written, this would make already existing implementations not RFC
compliant when they are configured to not support SHA-1.
RFC5246 requires the server to abort with illegal_parameter if the
CV included an algorithm that wasn't advertised in CR.
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
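An added illustration of the interaction Hubert points out (this is example code written for this page, not text or code from the draft, from RFC 5246 or from the poster): a model of the server-side CertificateVerify check under the RFC 5246 rule alone and under the draft's rule, plus a decoder for the supported_signature_algorithms vector of a CertificateRequest. The HashAlgorithm/SignatureAlgorithm code points and alert numbers are the real RFC 5246 values; the function names, the `rule` parameter and the sample byte strings are constructed for the example.

```python
"""Model of the CertificateVerify algorithm check discussed above.

Two rules interact for a server that does not advertise SHA-1:
  * RFC 5246 sec. 7.4.8: the algorithm in CertificateVerify must be one the
    server listed in CertificateRequest; otherwise abort with illegal_parameter.
  * draft-ietf-tls-md5-sha1-deprecate-08: a CertificateVerify that uses MD5 or
    SHA-1 is rejected with handshake_failure or insufficient_security.
Code points: RFC 5246 sec. 7.4.1.4.1 (hash/signature ids), sec. 7.2.2 (alerts).
The helper names and the `rule` selector are assumptions of this example.
"""
from enum import IntEnum
from typing import List, Optional, Sequence, Tuple


class HashAlg(IntEnum):
    MD5 = 1
    SHA1 = 2
    SHA224 = 3
    SHA256 = 4
    SHA384 = 5
    SHA512 = 6


class SigAlg(IntEnum):
    RSA = 1
    DSA = 2
    ECDSA = 3


class Alert(IntEnum):
    HANDSHAKE_FAILURE = 40
    ILLEGAL_PARAMETER = 47
    INSUFFICIENT_SECURITY = 71


SigHash = Tuple[HashAlg, SigAlg]
LEGACY_HASHES = {HashAlg.MD5, HashAlg.SHA1}


def parse_signature_algorithms(data: bytes) -> List[SigHash]:
    """Decode a SignatureAndHashAlgorithm vector: 2-byte length, then 2-byte pairs."""
    if len(data) < 2:
        raise ValueError("truncated vector length")
    length = int.from_bytes(data[:2], "big")
    body = data[2:2 + length]
    if len(body) != length or length % 2 != 0:
        raise ValueError("vector length does not match payload")
    # Unknown code points raise ValueError from the enum constructors.
    return [(HashAlg(body[i]), SigAlg(body[i + 1])) for i in range(0, length, 2)]


def encode_signature_algorithms(algs: Sequence[SigHash]) -> bytes:
    """Inverse of parse_signature_algorithms, for building a CertificateRequest."""
    body = bytes(b for h, s in algs for b in (int(h), int(s)))
    return len(body).to_bytes(2, "big") + body


def certificate_request_algorithms(supported: Sequence[SigHash],
                                   offer_legacy: bool) -> List[SigHash]:
    """What the server advertises. The draft says servers SHOULD NOT include
    MD5 and SHA-1, so a compliant server passes offer_legacy=False."""
    if offer_legacy:
        return list(supported)
    return [alg for alg in supported if alg[0] not in LEGACY_HASHES]


def check_certificate_verify(cv_alg: SigHash, advertised: Sequence[SigHash],
                             rule: str) -> Optional[Alert]:
    """Return the alert the server sends for this CertificateVerify, or None to accept.

    rule="rfc5246": only the advertised-list requirement of RFC 5246.
    rule="draft-08": the draft's MD5/SHA-1 rejection applied first.
    """
    hash_alg, _ = cv_alg
    if rule == "draft-08" and hash_alg in LEGACY_HASHES:
        # Draft text: MUST abort with handshake_failure or insufficient_security.
        return Alert.HANDSHAKE_FAILURE
    if cv_alg not in advertised:
        # RFC 5246 sec. 7.4.8: algorithm not in CertificateRequest -> illegal_parameter.
        return Alert.ILLEGAL_PARAMETER
    if rule not in ("rfc5246", "draft-08"):
        raise ValueError(f"unknown rule {rule!r}")
    return None


def conflicting_alerts(cv_alg: SigHash, advertised: Sequence[SigHash]) -> Tuple[Optional[Alert], Optional[Alert]]:
    """The pair (RFC 5246 alert, draft-08 alert); they differ exactly in the case
    raised on the list: SHA-1 in CertificateVerify when the server did not offer it."""
    return (check_certificate_verify(cv_alg, advertised, "rfc5246"),
            check_certificate_verify(cv_alg, advertised, "draft-08"))


if __name__ == "__main__":
    # Constructed CertificateRequest vector: sha256/rsa, sha384/ecdsa, sha1/rsa.
    supported = parse_signature_algorithms(bytes([0, 6, 4, 1, 5, 3, 2, 1]))
    advertised = certificate_request_algorithms(supported, offer_legacy=False)
    print("advertised:", advertised)
    print("SHA-1 CertificateVerify:", conflicting_alerts((HashAlg.SHA1, SigAlg.RSA), advertised))
```

Running the module shows the disagreement directly: with SHA-1 left out of the CertificateRequest, a SHA-1 CertificateVerify gets illegal_parameter (47) under RFC 5246 but handshake_failure (40) under the draft text, which is why an implementation that already follows RFC 5246 in that configuration would stop being compliant with the draft as written.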