On 05/22/2017 12:17 PM, Viktor Dukhovni wrote:
>> On May 22, 2017, at 1:06 PM, Benjamin Kaduk <bka...@akamai.com> wrote:
>>
>> Given the apparent strength of opinion against removing these supposed
>> restrictions entirely, it seems like this text (or something similar) is
>> probably the best we can do.
> Perhaps so, but I saw only one strong objection from Dave Garrett. Is that

There was also some discussion when this text was originally going in, IIRC. But I do not remember well enough to say who/how many people wanted it.

> sufficient for "apparent strength of opinion"? Removal is simpler, and it
> sure does not look like people are determined to continue to support MD5
> and SHA-1 in certificates, but would be willing to relent if TLS 1.3 told
> them not to. Isn't the language in question tackling a non-problem?

It probably is, but I don't feel a need to spend a lot of my time pushing for it to be removed.

-Ben

> That said, if the only way to rough consensus is a properly qualified
> requirement to not rely on such certificate signatures for authentication,
> (rather than must hang up with a fatal alert when you see these, must not
> send these, ...) then I'll go along with a compromise.
>
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls