On Fri, Sep 2, 2016 at 10:04 AM, Eric Rescorla <e...@rtfm.com> wrote:
> On Fri, Sep 2, 2016 at 8:25 AM, Dave Garrett <davemgarr...@gmail.com> wrote:
>
>> On Friday, September 02, 2016 07:32:06 am Eric Rescorla wrote:
>> > On Fri, Sep 2, 2016 at 3:42 AM, Ilari Liusvaara <ilariliusva...@welho.com> wrote:
>> > > I also don't see why this should be in TLS 1.3 spec, instead of being
>> > > its own spec (I looked up how much process BS it would be to get the
>> > > needed registrations: informative RFC would do).
>> >
>> > I also am not following why we need to do this now. The reason we defined SHA-2 in
>> > a new RFC was because (a) SHA-1 was looking weak and (b) we had to make significant
>> > changes to TLS to allow the use of SHA-2. This does not seem to be that case.
>>
>> I don't think we strictly _need_ to do this now, however I think it's a
>> good idea given that we'll need to do it eventually
>
> I'm not sure that that's true.

To clarify: we might need to do this for one of several reasons:

- Some sort of completeness theory
- SHA-256 starts to look much weaker

The second could certainly happen, but if it doesn't, it's not clear that
there's really a completeness need.

-Ekr

> -Ekr
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls