> -----Original Message----- > From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Hubert Kario > Sent: Thursday, September 01, 2016 2:17 PM > To: Benjamin Kaduk > Cc: <tls@ietf.org> > Subject: Re: [TLS] SHA-3 in SignatureScheme > > On Thursday, 1 September 2016 12:43:31 CEST Benjamin Kaduk wrote: > > On 09/01/2016 12:38 PM, Hubert Kario wrote: > > > The SHA-3 standard is already published and accepted[1], shouldn't > > > TLSv1.3 include signatures with those hashes then? > > > > Why does it need to be part of the core spec instead of a separate > document? > > because: we also are adding RSA-PSS to TLSv1.2 in this document, I don't see > why it needs to be delayed. Finally, TLSv1.2 added SHA-2 just like that, it > was > not tacked on later.
IIRC, SHA-2 was a special case; SHA-1 was demonstrated to be cryptographically weaker than expected and so we needed to have a secure alternative ASAP. The SHA-3 is not like that; there's no evidence that suggests that SHA-2 is weak; the only incentive to implementing SHA-3 is "we'll, it is a standard, and so we might as well support it". IMHO, how SHA-2 was handled should be viewed as an exception, not a rule for how we should proceed in the future... _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
