On Tuesday, 14 May 2019 20:16:17 CEST Loganaden Velvindron wrote:
> On Tue, May 14, 2019 at 3:24 PM Hubert Kario <hka...@redhat.com> wrote:
> > On Tuesday, 14 May 2019 08:34:38 CEST Loganaden Velvindron wrote:
> > > Latest draft is here:
> > > https://www.ietf.org/id/draft-lvelvindron-tls-md5-sha1-deprecate-04.txt
> >
> > Why did you drop SHA-1 from Section 4 and 5?
>
> It was done following this comment from David Cooper.
>
> "
> [..] While they may be subject to collision attacks, SHA-1 is still
> considered secure in cases in which collision resistance is not required,
> and I do not believe that collision resistance is required when SHA-1 is
> used to create the "signatures" in the ServerKeyExchange and
> CertificateVerify messages.
> "
The SLOTH paper disagrees with that as far as the CertificateVerify message is concerned.

SP 800-52 rev-2 does not provide much in terms of justification for why the SLOTH paper would be wrong, and it allows SHA-1 signatures only in TLS 1.0 and TLS 1.1; it does not explicitly state that SHA-1 signatures in TLS 1.2 are allowed...

-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
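As an added illustration of the point at issue (not code from this thread, the draft, or the SLOTH paper), the Python below models why a transcript-hash collision defeats a TLS 1.2 CertificateVerify: the client signs only a hash of the handshake messages, so any second transcript with the same hash inherits the signature unchanged. To keep the collision search instant it truncates SHA-1 to 24 bits (an assumption for the demo, not a statement about the cost of real SHA-1 collisions) and uses an HMAC as a stand-in for the client's RSA/ECDSA signature; the transcript prefixes are constructed sample data.

```python
import hashlib
import hmac

# Assumption for the demo: SHA-1 truncated to 3 bytes (24 bits) so that a
# birthday-style collision costs a few thousand hashes. Only the hash's
# collision resistance is weakened; the signing step is untouched.
TRUNC_BYTES = 3


def transcript_hash(transcript: bytes) -> bytes:
    """Hash of the concatenated handshake messages, as CertificateVerify covers."""
    return hashlib.sha1(transcript).digest()[:TRUNC_BYTES]


def sign_certificate_verify(key: bytes, transcript: bytes) -> bytes:
    # Stand-in for the client's signature: an HMAC over the transcript hash.
    # A real CertificateVerify signs the same kind of value with RSA/ECDSA;
    # nothing below depends on which signature algorithm is used.
    return hmac.new(key, transcript_hash(transcript), hashlib.sha256).digest()


def verify_certificate_verify(key: bytes, transcript: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign_certificate_verify(key, transcript), sig)


def find_transcript_collision(prefix_a: bytes, prefix_b: bytes,
                              table_size: int = 1 << 13,
                              max_tries: int = 1 << 20):
    """Return (ta, tb) with ta starting with prefix_a, tb with prefix_b,
    and transcript_hash(ta) == transcript_hash(tb).

    Birthday search: tabulate table_size variants of prefix_a, then walk
    variants of prefix_b until one lands on a tabulated hash. With a 24-bit
    hash and 2^13 table entries the expected walk is about 2^11 steps.
    The search is deterministic (counter-driven), so results are repeatable.
    """
    seen = {}
    for i in range(table_size):
        ta = prefix_a + i.to_bytes(4, "big")
        seen[transcript_hash(ta)] = ta
    for j in range(max_tries):
        tb = prefix_b + j.to_bytes(4, "big")
        h = transcript_hash(tb)
        if h in seen:
            return seen[h], tb
    raise RuntimeError("no collision found within max_tries")


def demo():
    """Show the signature on one transcript verifying against the other."""
    client_key = b"constructed-demo-client-key"
    # Constructed sample prefixes: what the client believes it signed versus
    # the transcript an attacker wants the signature to cover.
    honest_prefix = b"ClientHello|ServerHello|Certificate(honest)|"
    forged_prefix = b"ClientHello|ServerHello|Certificate(attacker)|"
    honest, forged = find_transcript_collision(honest_prefix, forged_prefix)
    sig = sign_certificate_verify(client_key, honest)
    # The same signature is valid for the colliding transcript.
    return verify_certificate_verify(client_key, forged, sig)


if __name__ == "__main__":
    print("signature transfers to colliding transcript:", demo())
```

The attacker's freedom to pick the filler bytes corresponds, in the real protocol, to fields in the handshake an adversary can pad or control; SLOTH's actual attacks needed chosen-prefix collisions on the real hash plus that structural freedom, which this toy does not reproduce. What it does show is the logical dependency: once two transcripts hash alike, the signature no longer distinguishes them, which is the reason collision resistance of the transcript hash matters for CertificateVerify.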
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls