On Fri, Sep 2, 2016 at 12:21 PM, Hubert Kario <hka...@redhat.com> wrote:
> On Friday, 2 September 2016 21:38:33 CEST Yoav Nir wrote: > > > On 2 Sep 2016, at 8:27 PM, Hubert Kario <hka...@redhat.com> wrote: > > > > > > On Friday, 2 September 2016 12:06:55 CEST Benjamin Kaduk wrote: > > >> On 09/02/2016 12:04 PM, Eric Rescorla wrote: > > >>> On Fri, Sep 2, 2016 at 8:25 AM, Dave Garrett <davemgarr...@gmail.com > > >>> > > >>> <mailto:davemgarr...@gmail.com>> wrote: > > >>> On Friday, September 02, 2016 07:32:06 am Eric Rescorla wrote: > > >>>> On Fri, Sep 2, 2016 at 3:42 AM, Ilari Liusvaara > > >>>> > > >>> <ilariliusva...@welho.com <mailto:ilariliusva...@welho.com>> > wrote: > > >>>>> I also don't see why this should be in TLS 1.3 spec, instead of > > >>>>> being > > >>>>> its own spec (I looked up how much process BS it would be to > > >>>>> > > >>> get the > > >>>>> > > >>>>> needed registrations: informative RFC would do). > > >>>> > > >>>> I also am not following why we need to do this now. The reason > > >>>> > > >>> we defined SHA-2 in > > >>>> > > >>>> a new RFC was because (a) SHA-1 was looking weak and (b) we had > > >>>> > > >>> to make significant > > >>>> > > >>>> changes to TLS to allow the use of SHA-2. This does not seem to > > >>>> > > >>> be that case. > > >>> > > >>> I don't think we strictly _need_ to do this now, however I think > > >>> it's a good idea given that we'll need to do it eventually > > >>> > > >>> I'm not sure that that's true. > > >> > > >> Predicting future needs is not always reliable, yes. > > >> > > >>> From a release-engineering (standards-engineering?) perspective, I > still > > >> > > >> don't see any reasons to add it now, and do see reasons to not add it > > >> now. > > > > > > what would be the reasons not to add it now? > > > > Several reasons: > > - This is a core spec. Those don’t traditionally specify new algorithms > > unless they’re MTI (like SHA-256 is TLS 1.2 and RSAPSS here) > > - For now, > > SHA-3 is yet another national algorithm. Why add this and not Streebog? > [1] > > - Who’s to tell whether SHA-2 breaks earlier than SHA-3? > > But then we have: > * AES and ChaCha (two modes for the former one even) > * RSA and ECDSA > * NIST curves and Bernstein curves > * ECDHE key exchange an DHE key exchange > > only the SHA-2 stands alone... > We have SHA-256 and SHA-384. -Ekr > > -- > Regards, > Hubert Kario > Senior Quality Engineer, QE BaseOS Security team > Web: www.cz.redhat.com > Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
