It might pay to spend more time on explaining what you are trying to do.
The goal appears to be to remove a dependency on signature schemes that include
these weaker hash functions. But the introduction just says that the functions
are bad.
You should be very clear about what effect this has
Hubert Kario wrote:
>On Wednesday, 8 May 2019 02:31:57 CEST Martin Rex wrote:
>> Hubert Kario wrote:
Thanks to Peter Gutmann for the summary:
https://mailarchive.ietf.org/arch/msg/tls/g0MDCdZcHsvZefv4V8fssXMeEHs
which you may have missed.
>>>
>>> yes, Joux paper also
Hi all,
Following the recent thread on TLS 1.0 and TLS 1.1 deprecation, we
came up with a proposal to deprecate md5 and sha1 for digital
signatures in the TLS 1.2 spec.
Please find the draft at this url:
https://tools.ietf.org/html/draft-lvelvindron-tls-md5-sha1-deprecate-03
We look forward to
I received some editorial suggestions by private email during WG Last Call.
This update implements those suggestions.
Here is the URL for the diff:
https://www.ietf.org/rfcdiff?url1=draft-ietf-tls-tls13-cert-with-extern-psk-00&url2=draft-ietf-tls-tls13-cert-with-extern-psk-01&difftype=--hwdiff
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Transport Layer Security WG of the IETF.
Title : TLS 1.3 Extension for Certificate-based Authentication with an External Pre-Shared Key
Author :
On Wednesday, 8 May 2019 02:31:57 CEST Martin Rex wrote:
> Hubert Kario wrote:
> >> Thanks to Peter Gutmann for the summary:
> >> https://mailarchive.ietf.org/arch/msg/tls/g0MDCdZcHsvZefv4V8fssXMeEHs
> >>
> >> which you may have missed.
> >
> > yes, Joux paper also shows that attacking
On Thu, May 9, 2019, at 16:09, Peter Gutmann wrote:
> You could just say "use SHA-2", which covers the whole family. Now in
> practice "SHA-2" means "SHA-256" so it'll be the same as saying SHA-256
> directly, but the more generic SHA-2 leaves it open to interpretation for the
> three people who
Benjamin Kaduk writes:
>We'd probably want to wordsmith it a bit more, as there's not exactly a
>strict ordering on hash function strength, and "minimum requirement" could be
>taken to mean "MUST use SHA-256", which is presumably not the intent.
You could just say "use SHA-2", which covers the