I'm not quite following how this helps. It's true that if SHA-256 is broken, we're in serious trouble, but that's largely because of the fact that that's what people's certificates have, so clients really can't refuse to support SHA-256 certificates. So, how does adding new algorithms help? (That's why I would argue that the existing SHA-384 support doesn't help).
-Ekr On Fri, Dec 15, 2017 at 9:46 AM, Ilari Liusvaara <ilariliusva...@welho.com> wrote: > On Fri, Dec 15, 2017 at 02:57:33PM +0000, Andrei Popov wrote: > > From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Ilari Liusvaara > > > Even nastier dependency: SHA-2. If that breaks, currently both TLS > > > 1.2 and 1.3 break. There are no alternatives defined. > > > > Here's an attempt to define a SHA-2 alternative: > https://tools.ietf.org/html/draft-wconner-blake2sigs-01 > > Also would need TLS ciphersuite codepoints with alternative handshake > hash algorithms. > > > -Ilari > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
