On Tue, May 14, 2019 at 10:57 PM Hubert Kario <hka...@redhat.com> wrote:
> On Tuesday, 14 May 2019 20:16:17 CEST Loganaden Velvindron wrote:
> > On Tue, May 14, 2019 at 3:24 PM Hubert Kario <hka...@redhat.com> wrote:
> > > On Tuesday, 14 May 2019 08:34:38 CEST Loganaden Velvindron wrote:
> > > > Latest draft is here:
> > > > https://www.ietf.org/id/draft-lvelvindron-tls-md5-sha1-deprecate-04.txt
> > >
> > > why did you drop SHA-1 from Section 4 and 5?
> >
> > It was done following this comment from David Cooper.
> >
> > "
> > [..] While they may be subject to collision attacks, SHA-1 is still
> > considered secure in cases in which collision resistance is not required,
> > and I do not believe that collision resistance is required when SHA-1 is
> > used to create the "signatures" in the ServerKeyExchange and
> > CertificateVerify messages.
> > "
>
> SLOTH paper disagrees on that as far as CertificateVerify message is
> concerned
>
> SP 800-52 rev-2 does not provide much in terms of justification why SLOTH
> paper would be wrong and allows for SHA-1 signatures only in TLS 1.0 and
> TLS 1.1, it does not explicitly state that SHA-1 signatures in TLS 1.2 are
> allowed...
>

Hello All,

We've updated the document based on the feedback we've got:
We've re-added deprecating sha-1 in ServerKeyExchange and CertificateVerify:
https://tools.ietf.org/html/draft-lvelvindron-tls-md5-sha1-deprecate-05

> --
> Regards,
> Hubert Kario
> Senior Quality Engineer, QE BaseOS Security team
> Web: www.cz.redhat.com
> Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
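The thread above is about whether MD5 and SHA-1 should remain acceptable as the hash in TLS 1.2 ServerKeyExchange and CertificateVerify signatures. A practical way to act on the draft's deprecation is to audit what a peer actually offers in its signature_algorithms extension. The following is an added example, not code from the draft, the mailing list or any of its participants: it parses the extension body as RFC 5246 section 7.4.1.4.1 encodes it (a 2-byte vector length followed by (HashAlgorithm, SignatureAlgorithm) byte pairs) and flags every pair whose hash is md5 or sha1. The registry names come from RFC 5246 and RFC 8422; the sample extension bytes are constructed for the example.

```python
"""Audit a TLS 1.2 signature_algorithms extension for MD5/SHA-1 entries.

Added example, not taken from draft-lvelvindron-tls-md5-sha1-deprecate or the
mailing-list thread.  Wire format per RFC 5246 section 7.4.1.4.1: a 2-byte
length followed by (HashAlgorithm, SignatureAlgorithm) byte pairs.  The
sample extension bodies at the bottom are constructed for this example.
"""
import struct

# HashAlgorithm and SignatureAlgorithm code points from RFC 5246 / RFC 8422.
HASH_NAMES = {0: "none", 1: "md5", 2: "sha1", 3: "sha224",
              4: "sha256", 5: "sha384", 6: "sha512", 8: "intrinsic"}
SIG_NAMES = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}
DEPRECATED_HASHES = {1, 2}   # md5, sha1: the hashes the draft deprecates


def parse_signature_algorithms(ext_body: bytes):
    """Return the offered (hash_id, sig_id) pairs from an extension body.

    Raises ValueError on an inconsistent length field, so a truncated or
    oversized extension is rejected rather than partially trusted.
    """
    if len(ext_body) < 2:
        raise ValueError("extension body shorter than its length field")
    (vec_len,) = struct.unpack("!H", ext_body[:2])
    if vec_len < 2 or vec_len % 2 != 0:
        raise ValueError("vector length must be even and at least 2")
    if len(ext_body) != 2 + vec_len:
        raise ValueError("vector length does not match extension body length")
    return [(ext_body[i], ext_body[i + 1]) for i in range(2, 2 + vec_len, 2)]


def describe(pair) -> str:
    """Human-readable name such as 'rsa_sha1' for a (hash_id, sig_id) pair."""
    hash_id, sig_id = pair
    return (f"{SIG_NAMES.get(sig_id, hex(sig_id))}_"
            f"{HASH_NAMES.get(hash_id, hex(hash_id))}")


def find_deprecated(ext_body: bytes):
    """Names of offered algorithms whose hash is MD5 or SHA-1."""
    return [describe(p) for p in parse_signature_algorithms(ext_body)
            if p[0] in DEPRECATED_HASHES]


def is_compliant(ext_body: bytes) -> bool:
    """True when the peer offers no MD5- or SHA-1-based signature algorithm."""
    return not find_deprecated(ext_body)


def rejects(ext_body: bytes) -> bool:
    """True when the parser refuses the body as malformed."""
    try:
        parse_signature_algorithms(ext_body)
    except ValueError:
        return True
    return False


# Constructed sample: a client offering rsa_sha256, ecdsa_sha256, rsa_sha1,
# ecdsa_sha1 and rsa_md5, encoded as (hash, signature) byte pairs.
SAMPLE_WITH_SHA1 = bytes.fromhex("000a" "0401" "0403" "0201" "0203" "0101")
# Constructed sample: the same client with the legacy entries removed.
SAMPLE_CLEAN = bytes.fromhex("0004" "0401" "0403")

if __name__ == "__main__":
    for label, body in (("legacy", SAMPLE_WITH_SHA1), ("clean", SAMPLE_CLEAN)):
        print(label, "deprecated:", find_deprecated(body) or "none")
```

Run stand-alone it reports `rsa_sha1`, `ecdsa_sha1` and `rsa_md5` for the first sample and nothing for the second. The same check can be pointed at a server's ServerKeyExchange or CertificateVerify SignatureAndHashAlgorithm field, which uses the same two-byte encoding, to verify that a deployment no longer produces the signatures the draft deprecates.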