On Oct 28, 2022, at 10:49 AM, John Mattsson <john.mattsson=40ericsson....@dmarc.ietf.org> wrote:
> A small nit:
> OLD and tje
> NEW and the

I'll fix that, thanks.

> PEAP and SHA-1:
> Looks like Microsoft is planning to stick with SHA-1 for PEAP 1.3 [PEAP-PRF].
> I think that is the wrong choice. NIST recently stated that they plan to
> deprecate and eventually disallow _all_ uses of SHA-1. In the end, this is
> Microsoft’s choice, but I think the fact that PEAP 1.3 still uses SHA-1
> should be mentioned in draft-ietf-emu-tls-eap-types. This is important
> information for people and industries following requirements to disallow all
> uses of SHA-1.

It's not so much "Microsoft planning" as this was discussed in EMU years ago, and the WG consensus was to stick with SHA-1. The current code is shipping in multiple servers and supplicants. It cannot realistically be changed at this time.

If NIST deprecates SHA-1, then we can define PEAP (version n+1), and rely on PEAP version negotiation to fix the issue.

Alan DeKok.

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu