One question: currently SHA-1 signatures are not only allowed by RFC7296, but even "SHOULD use as default". 4307bis does not change this. Shouldn't something be done about this? Right now (and even with 4307bis):

RSASSA-PKCS1-v1.5 with SHA-1 is MUST support and everything else (PSS+SHA-2, ECDSA+SHA-2) is just SHOULD (not even SHOULD+) and PKCS1-v1.5+SHA-2 is MAY. This does not seem good even short term... Feels like at a minimum, some authentication method with SHA-2 should be mandatory to support.

Cheers,
John

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
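Added example, not part of John's message or of any IETF document: a small Python check of whether a peer's IKE_SA_INIT offers any SHA-2 hash for signature authentication, read from the RFC 7427 SIGNATURE_HASH_ALGORITHMS notify (assumed here as the mechanism by which the SHA-2 methods above are negotiated). A peer that sends no such notify, or lists only SHA1, is one that the RFC 7296 MUST-support method would leave on RSASSA-PKCS1-v1.5 with SHA-1; the packet bytes are constructed.

```python
import struct

# Identifiers from RFC 7427 and the IANA "IKEv2 Hash Algorithms" registry.
SIGNATURE_HASH_ALGORITHMS = 16431  # Notify Message Type
NAT_DETECTION_SOURCE_IP = 16388    # unrelated notify, used as filler below
HASH_NAMES = {1: "SHA1", 2: "SHA2-256", 3: "SHA2-384", 4: "SHA2-512"}
SHA2_IDS = {2, 3, 4}


def parse_notify(body: bytes):
    """Split a Notify payload body (RFC 7296 section 3.10, generic payload
    header already removed) into (notify_type, notification_data)."""
    if len(body) < 4:
        raise ValueError("truncated Notify payload")
    _proto_id, spi_size, ntype = struct.unpack("!BBH", body[:4])
    if len(body) < 4 + spi_size:
        raise ValueError("truncated SPI field")
    return ntype, body[4 + spi_size:]


def hash_algorithms(data: bytes):
    """Decode the list of 16-bit hash algorithm IDs carried in the notify."""
    if len(data) % 2:
        raise ValueError("SIGNATURE_HASH_ALGORITHMS data not 16-bit aligned")
    return [struct.unpack("!H", data[i:i + 2])[0] for i in range(0, len(data), 2)]


def assess_peer(notifies):
    """Classify a peer from the Notify bodies seen in its IKE_SA_INIT:
    'legacy'    no SIGNATURE_HASH_ALGORITHMS notify, so only the RFC 7296
                RSASSA-PKCS1-v1.5 with SHA-1 method is implied;
    'sha1-only' notify present but nothing beyond SHA-1 offered;
    'sha2'      at least one SHA-2 hash offered for signatures."""
    for body in notifies:
        ntype, data = parse_notify(body)
        if ntype != SIGNATURE_HASH_ALGORITHMS:
            continue
        ids = hash_algorithms(data)
        offered = [HASH_NAMES.get(i, "unknown(%d)" % i) for i in ids]
        return ("sha2" if SHA2_IDS & set(ids) else "sha1-only"), offered
    return "legacy", []


def notify(ntype: int, data: bytes) -> bytes:
    """Build a constructed Notify body: Protocol ID 0, SPI Size 0, no SPI."""
    return struct.pack("!BBH", 0, 0, ntype) + data


# Constructed test vectors, not captured traffic.
SHA1_ONLY_PEER = [notify(SIGNATURE_HASH_ALGORITHMS, struct.pack("!H", 1))]
SHA2_PEER = [notify(NAT_DETECTION_SOURCE_IP, b"\x00" * 20),
             notify(SIGNATURE_HASH_ALGORITHMS, struct.pack("!4H", 1, 2, 3, 4))]
```

Run `assess_peer(SHA1_ONLY_PEER)`, `assess_peer(SHA2_PEER)` and `assess_peer([])` to see the three classifications; in a real responder the list would be the Notify bodies extracted from the initiator's IKE_SA_INIT.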
