> On Jul 30, 2021, at 05:08, Hannes Tschofenig <Hannes.Tschofenig@xxxxxxx> wrote: > > I have no problem with the suggestion. > > A few other observations: > > 1. FWIW: The reference to [Wang] is incomplete. The same ref was used in RFC 6194, but we could also use: https://www.iacr.org/archive/crypto2005/36210017/36210017.pdf > 2. The references to the other papers use the websites of the authors or project websites. I would use more stable references. We can replace: http://shattered.io/static/shattered.pdf with https://eprint.iacr.org/2017/190 and (is the INRIA site better?) ttps://www.mitls.org/downloads/transcript-collisions.pdf with https://hal.inria.fr/hal-01244855/document > 3. Kathleen's affiliation is also outdated. Ah I thought we fixed that. Anyway we’ll change it to: CIS > 4. Is the update to RFC 7525 relevant given that there is an update of RFC 7525 in progress (see https://datatracker.ietf.org/doc/html/draft-ietf-uta-rfc7525bis-01) and even near completion? I do not have a problem moving the text. I might also solve the can a standard update a BCP question. What do people think? > 5. The title of the draft gives the impression that this update only refers to TLS 1.2 but later in the draft DTLS is also included via the reference to RFC 7525. Should the title be changed to "Deprecating MD5 and SHA-1 signature hashes in TLS/DTLS 1.2"? We could do (D)TLS 1/2 too. > Ciao > Hannes > > -----Original Message----- > From: Iot-directorate <iot-directorate-bounces@xxxxxxxx> On Behalf Of Russ Housley > Sent: Wednesday, July 28, 2021 10:34 PM > To: Sean Turner <sean@xxxxxxxxx>; IETF TLS <tls@xxxxxxxx> > Cc: iot-directorate@xxxxxxxx; draft-ietf-tls-md5-sha1-deprecate.all@xxxxxxxx; last-call@xxxxxxxx > Subject: Re: [Iot-directorate] [TLS] [Last-Call] Iotdir last call review of draft-ietf-tls-md5-sha1-deprecate-04 > >> In Section 7.1.4.1: the following text is removed: > > If the client supports only the default hash and signature algorithms > (listed in this section), it MAY omit the signature_algorithms > extension. > >> Since it’s a MAY, I am a-okay with deleting. Anybody else see harm? > > I don't see any harm. > > Russ > > -- > Iot-directorate mailing list > Iot-directorate@xxxxxxxx > https://www.ietf.org/mailman/listinfo/iot-directorate > IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
