I am in favor of this change: it prohibits the server from sending SHA-1 certs when
signature_algorithms does not advertise SHA-1.

IMHO it would be best to not allow the server to send certs using any 
algorithms that don’t agree with signature_algorithms, as TLS 1.2 did. But this 
is a step in the right direction.

Cheers,

Andrei

From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Eric Rescorla
Sent: Wednesday, October 21, 2015 12:18 PM
To: Martin Thomson <martin.thom...@gmail.com>
Cc: tls@ietf.org
Subject: Re: [TLS] Controlling use of SHA-1

I think this is the right answer and parallels what we are doing with PSS.

-Ekr


On Wed, Oct 21, 2015 at 12:15 PM, Martin Thomson <martin.thom...@gmail.com> wrote:
The current draft permits the use of SHA-1 in the certificate chain,
which gives SHA-1 a free pass indefinitely. Since we expressly forbid
the use of SHA-1 for signing in TLS itself, we can just permit clients
to include it in "signature_algorithms" and use that to determine
whether SHA-1 is acceptable.

That means that clients that want to disable SHA-1 (real soon now, we
promise), can signal that preference cleanly.

I've opened PR #317 for this, but the commit is probably more useful
to review, since I built this on top of ekr's client authentication
changes (to avoid messy rebases):

https://github.com/martinthomson/tls13-spec/commit/354475cf02819a9cc808457f2c09fdaeb1f82aa5

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
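
The two rules discussed in this thread, as an added example that is not part of the original messages or of the draft: the SHA-1 rule from the proposed change, next to the stricter TLS 1.2-style rule that every certificate's algorithm pair must be advertised. It assumes the RFC 5246 hash/signature pair encoding of "signature_algorithms"; the extension bytes, the chain and the function names are constructed for illustration.

```python
import struct

# HashAlgorithm / SignatureAlgorithm code points from RFC 5246, section 7.4.1.4.1
HASH = {1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
SIG = {1: "rsa", 2: "dsa", 3: "ecdsa"}

def parse_signature_algorithms(ext_data: bytes) -> set:
    """Decode extension_data: uint16 list length, then (hash, sig) byte pairs."""
    if len(ext_data) < 2:
        raise ValueError("truncated signature_algorithms")
    (n,) = struct.unpack("!H", ext_data[:2])
    body = ext_data[2:]
    if n != len(body) or n % 2 or n == 0:
        raise ValueError("malformed signature_algorithms length")
    # Unknown code points are kept as numbers so they never match a cert.
    return {(HASH.get(h, h), SIG.get(s, s)) for h, s in zip(body[::2], body[1::2])}

def sha1_violations(offered: set, chain: list) -> list:
    """Rule from the thread: no SHA-1 certs unless the client advertised SHA-1."""
    if any(h == "sha1" for h, _ in offered):
        return []
    return [subj for subj, h, _ in chain if h == "sha1"]

def strict_violations(offered: set, chain: list) -> list:
    """Stricter TLS 1.2-style rule: every cert's (hash, sig) must be offered."""
    return [subj for subj, h, s in chain if (h, s) not in offered]

# Constructed inputs (not captured traffic).
MODERN = bytes.fromhex("0004" "0401" "0403")          # sha256+rsa, sha256+ecdsa
LEGACY = bytes.fromhex("0006" "0401" "0403" "0201")   # ... plus sha1+rsa
CHAIN = [  # (subject, hash, signature) of each cert the server would send
    ("leaf.example", "sha256", "rsa"),
    ("Intermediate CA", "sha1", "rsa"),
    ("Cross-signed CA", "sha384", "rsa"),
]

if __name__ == "__main__":
    for name, ext in (("modern", MODERN), ("legacy", LEGACY)):
        offered = parse_signature_algorithms(ext)
        print(name, "sha1 rule:", sha1_violations(offered, CHAIN),
              "strict rule:", strict_violations(offered, CHAIN))
```

A server applying either check would run it over the chain it is about to send, before the Certificate message is built.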
