On Thu, May 9, 2019, at 16:09, Peter Gutmann wrote: > You could just say "use SHA-2", which covers the whole family. Now in > practice "SHA-2" means "SHA-256" so it'll be the same as saying SHA-256 > directly, but the more generic SHA-2 leaves it open to interpretation for the > three people who use something other than SHA-256.
Though I don't think we'll see it happen any time soon, I don't think we want to completely close the door on new hash functions. SHA-3 might be dead, but that doesn't mean we won't eventually be motivated to move to another one. >From memory, we see a non-trivial amount of SHA-384, though that might just be >in its pairing with AES-256-GCM. It's routinely paired with P-384, which we >do get a little bit of. We even have P-521 in quantities large enough that we >can't turn it off, which is likely paired with SHA-512. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
