I think this is the right answer and parallels what we are doing with PSS. -Ekr
On Wed, Oct 21, 2015 at 12:15 PM, Martin Thomson <martin.thom...@gmail.com> wrote: > The current draft permits the use of SHA-1 in the certificate chain, > which gives SHA-1 a free pass indefinitely. Since we expressly forbid > the use of SHA-1 for signing in TLS itself, we can just permit clients > to include it in "signature_algorithms" and use that to determine > whether SHA-1 is acceptable. > > That means that clients that want to disable SHA-1 (real soon now, we > promise), can signal that preference cleanly. > > I've opened PR #317 for this, but the commit is probably more useful > to review, since I built this on top of ekr's client authentication > changes (to avoid messy rebases): > > > https://github.com/martinthomson/tls13-spec/commit/354475cf02819a9cc808457f2c09fdaeb1f82aa5 > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
