Skip to main content

Deprecating MD5 and SHA-1 Signature Hashes in TLS 1.2 and DTLS 1.2
draft-ietf-tls-md5-sha1-deprecate-09

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-tls-md5-sha1-deprecate@ietf.org, loganaden@gmail.com, rdd@cert.org, rfc-editor@rfc-editor.org, sean@sn3rd.com, tls-chairs@ietf.org, tls@ietf.org
Subject: Protocol Action: 'Deprecating MD5 and SHA-1 signature hashes in (D)TLS 1.2' to Proposed Standard (draft-ietf-tls-md5-sha1-deprecate-09.txt)

The IESG has approved the following document:
- 'Deprecating MD5 and SHA-1 signature hashes in (D)TLS 1.2'
  (draft-ietf-tls-md5-sha1-deprecate-09.txt) as Proposed Standard

This document is the product of the Transport Layer Security Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-tls-md5-sha1-deprecate/


Ballot Text

Technical Summary

   The MD5 and SHA-1 hashing algorithms are increasingly vulnerable to
   attack and this document deprecates their use in TLS 1.2 digital
   signatures.  However, this document does not deprecate SHA-1 in HMAC
   for record protection.  This document updates RFC 5246.

Working Group Summary

* There is strong support in the working group for this document.  Primary items during WGLC was around the consistency of the normative language.

* Discussion from AD Review and IETC LC saw the streamlining of the update guidance to RFC5246 and dropping an formal update to RFC7525 (as it is being revised).

Document Quality

* There was review from the WG, comments from the IETF LC and Directorates (in particular IoTDIR) were addressed.

Personnel

Document Shepherd = Sean Turner

Responsible AD = Roman Danyliw

RFC Editor Note