On Fri, Dec 15, 2017 at 06:41:06PM +0000, Andrei Popov wrote: > It's true, the migration will be slow, but IMHO it still makes sense > to define and implement an alternative hash.
Agreed. However, on certificates front, we need a method to perform backward-compatible algorithm transition. Because non-backward- compatible ones are just too hard. As we have seen _twice_. On TLS handshake hashes, the transitions are already backward- compatible. But that does not mean the transition will be easy. -Ilari _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
