On Fri, Sep 2, 2016 at 3:42 AM, Ilari Liusvaara <ilariliusva...@welho.com> wrote:
> On Fri, Sep 02, 2016 at 12:08:47PM +0200, Hubert Kario wrote:
> > On Thursday, 1 September 2016 19:22:18 CEST Dave Garrett wrote:
> > >
> > > The reason I see is that we currently specify exactly one valid hash
> > > algorithm (in a variety of sizes). The precedent argument is good enough
> > > for me. I think adding it in this document is definitely worth considering.
> > > I don't want to wait until SHA-2 is considered weak to provide an
> > > alternative, if we can avoid it.
> >
> > I've created a PR for it: https://github.com/tlswg/tls13-spec/pull/616
> >
> > I haven't changed any recommendations, the recommended hashes to implement are
> > still SHA-2 based, and I don't think we should change that given that
> > certificates just now are transitioning to SHA-256 because of incompatibility
> > fears.
>
> Just tweaking the signatures is not enough. There is also the PRF hash,
> and using weak hash there has, umm... rather bad consequences.
>
> I also don't see why this should be in TLS 1.3 spec, instead of being
> its own spec (I looked up how much process BS it would be to get the
> needed registrations: informative RFC would do).
>

I also am not following why we need to do this now. The reason we defined SHA-2
in a new RFC was because (a) SHA-1 was looking weak and (b) we had to make
significant changes to TLS to allow the use of SHA-2. This does not seem to be
that case.

-Ekr

> -Ilari
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>