On Fri, May 3, 2019 at 4:09 PM Kathleen Moriarty <kathleen.moriarty.i...@gmail.com> wrote:

>
> Sent from my mobile device
>
> On May 3, 2019, at 3:56 PM, Eric Rescorla <e...@rtfm.com> wrote:
>
>
> On Fri, May 3, 2019 at 10:31 AM Peter Gutmann <pgut...@cs.auckland.ac.nz>
> wrote:
>
>> Having said that, given an RFC saying MUST NOT 1.0 and 1.1 which is what
>> the original discussion was about, why not also add MUST NOT MD5 and SHA1
>> in TLS 1.2 to the text?
>>
>
> This seems like a reasonable proposal.
>
>
> If added, should this just be in the updates section for RFC7525?
>

If done here, the text below would change to MUST and we'd likely need another WGLC, correct?

   When using RSA, servers SHOULD authenticate using certificates with
   at least a 2048-bit modulus for the public key. In addition, the use
   of the SHA-256 hash algorithm is RECOMMENDED (see [CAB-Baseline
   <https://tools.ietf.org/html/rfc7525#ref-CAB-Baseline>] for more
   details). Clients SHOULD indicate to servers that they request
   SHA-256, by using the "Signature Algorithms" extension defined in
   TLS 1.2.

The MUST NOT for SHA-1 is not clearly stated in RFC7525 as far as I can see.

Proposed:

   When using RSA, servers SHOULD authenticate using certificates with
   at least a 2048-bit modulus for the public key. In addition, the use
   of the SHA-256 hash algorithm is the minimum requirement, SHA-1 MUST
   not be used (see [CAB-Baseline
   <https://tools.ietf.org/html/rfc7525#ref-CAB-Baseline>] for more
   details). Clients SHOULD indicate to servers that they request
   SHA-256, by using the "Signature Algorithms" extension defined in
   TLS 1.2.

MD5 is not discussed in the current version of RFC7525.

Best regards,
Kathleen

> Best regards,
> Kathleen
>
>
> -Ekr
>
>
>> Peter.
>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>>
>

--

Best regards,
Kathleen
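The check the proposed wording implies on the client side, as an added example that is not part of the thread or of RFC 7525: it parses the `extension_data` of a TLS 1.2 "Signature Algorithms" extension and reports whether SHA-256 with RSA is requested and which MD5 or SHA-1 pairs are still offered. The function names and both sample byte strings are constructed for illustration; code points are the TLS 1.2 ones from RFC 5246.

```python
import struct

# TLS 1.2 HashAlgorithm / SignatureAlgorithm code points (RFC 5246, 7.4.1.4.1).
# TLS 1.3 reinterprets these two bytes as one SignatureScheme; such values
# show up here as "unknown(n)" and are not judged.
HASHES = {0: "none", 1: "md5", 2: "sha1", 3: "sha224",
          4: "sha256", 5: "sha384", 6: "sha512"}
SIGS = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}
FORBIDDEN = {"md5", "sha1"}  # hashes the thread proposes to rule out


def parse_signature_algorithms(ext_data: bytes):
    """Decode extension_data into a list of (hash, signature) name pairs."""
    if len(ext_data) < 2:
        raise ValueError("truncated: missing list length")
    (list_len,) = struct.unpack("!H", ext_data[:2])
    body = ext_data[2:]
    # The list is 2..2^16-2 bytes long and made of two-byte pairs.
    if list_len != len(body) or list_len == 0 or list_len % 2:
        raise ValueError("malformed supported_signature_algorithms list")
    return [(HASHES.get(body[i], f"unknown({body[i]})"),
             SIGS.get(body[i + 1], f"unknown({body[i + 1]})"))
            for i in range(0, list_len, 2)]


def audit(ext_data: bytes):
    """Return (requests SHA-256 with RSA?, forbidden pairs still offered)."""
    pairs = parse_signature_algorithms(ext_data)
    weak = [p for p in pairs if p[0] in FORBIDDEN]
    return ("sha256", "rsa") in pairs, weak


# Constructed samples: a legacy client list and a SHA-2-only list.
LEGACY = bytes.fromhex("000a" "0401" "0403" "0201" "0203" "0101")
MODERN = bytes.fromhex("0008" "0601" "0501" "0401" "0403")

if __name__ == "__main__":
    for name, data in (("legacy", LEGACY), ("modern", MODERN)):
        ok, weak = audit(data)
        print(f"{name}: requests sha256/rsa={ok}, forbidden offered={weak}")
```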