On Fri, Sep 2, 2016 at 11:38 AM, Yoav Nir <ynir.i...@gmail.com> wrote:
> > > On 2 Sep 2016, at 8:27 PM, Hubert Kario <hka...@redhat.com> wrote: > > > > On Friday, 2 September 2016 12:06:55 CEST Benjamin Kaduk wrote: > >> On 09/02/2016 12:04 PM, Eric Rescorla wrote: > >>> On Fri, Sep 2, 2016 at 8:25 AM, Dave Garrett <davemgarr...@gmail.com > >>> > >>> <mailto:davemgarr...@gmail.com>> wrote: > >>> On Friday, September 02, 2016 07:32:06 am Eric Rescorla wrote: > >>>> On Fri, Sep 2, 2016 at 3:42 AM, Ilari Liusvaara > >>> > >>> <ilariliusva...@welho.com <mailto:ilariliusva...@welho.com>> wrote: > >>>>> I also don't see why this should be in TLS 1.3 spec, instead of > >>>>> being > >>>>> its own spec (I looked up how much process BS it would be to > >>> > >>> get the > >>> > >>>>> needed registrations: informative RFC would do). > >>>> > >>>> I also am not following why we need to do this now. The reason > >>> > >>> we defined SHA-2 in > >>> > >>>> a new RFC was because (a) SHA-1 was looking weak and (b) we had > >>> > >>> to make significant > >>> > >>>> changes to TLS to allow the use of SHA-2. This does not seem to > >>> > >>> be that case. > >>> > >>> I don't think we strictly _need_ to do this now, however I think > >>> it's a good idea given that we'll need to do it eventually > >>> > >>> I'm not sure that that's true. > >> > >> Predicting future needs is not always reliable, yes. > >> > >>> From a release-engineering (standards-engineering?) perspective, I > still > >> > >> don't see any reasons to add it now, and do see reasons to not add it > now. > > > > what would be the reasons not to add it now? > > Several reasons: > - This is a core spec. Those don’t traditionally specify new algorithms > unless they’re MTI (like SHA-256 is TLS 1.2 and RSAPSS here) > - For now, SHA-3 is yet another national algorithm. Why add this and not > Streebog? [1] > I'm 100% in favor of adding any algorithm called Streebog. Also, perhaps Orcslayer. -Ekr > - Who’s to tell whether SHA-2 breaks earlier than SHA-3? > > So absent a desire to change MTI algorithms, I think publishing a “SHA-3 > and its use in TLS/IPsec/SSH/other” document is a fine idea, but not as > part of any core protocol. > > Yoav > > [1] I’m sure there are excellent reasons why SHA-3 is better. We don’t > just add any national standard unless we think we need it. > > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls