On Tue, Jan 19, 2016 at 10:08:45PM +0000, David Benjamin wrote: > On Fri, Jan 15, 2016 at 10:13 PM Brian Smith <br...@briansmith.org> wrote: > > > David Benjamin <david...@chromium.org> wrote: > > > >> (Whether such certificates exist on the web is probably answerable via CT > >> logs, but I haven't checked.) > >> > > > > Me neither, and I think that's the key thing that would need to be checked > > to see if my suggestion is viable. > > > > Looks like DigiCert's EC intermediates are P-384 and they sign SHA-256 more > often than not. > https://crt.sh/?CN=%25&iCAID=1516
This is my current count of ECDSA based signatures: ECDSA_SHA256 | 1970793 ECDSA_SHA384 | 53 (That's all valid certificate I know about, most of those have expired.) Kurt _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
