> On May 22, 2017, at 1:06 PM, Benjamin Kaduk <bka...@akamai.com> wrote:
> 
> Given the apparent strength of opinion against removing these supposed 
> restrictions entirely, it seems like this text (or something similar) is 
> probably the best we can do.

Perhaps so, but I saw only one strong objection from Dave Garrett.  Is that
sufficient for "apparent strength of opinion"?  Removal is simpler, and it
sure does not look like people are determined to continue to support MD5
and SHA-1 in certificates, but would be willing to relent if TLS 1.3 told
them not to.  Isn't the language in question tackling a non-problem?

That said, if the only way to rough consensus is a properly qualified
requirement to not rely on such certificate signatures for authentication,
(rather than must hang up with a fatal alert when you see these, must not
send these, ...) then I'll go along with a compromise.

-- 
        Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
