On Friday, 2 September 2016 21:38:33 CEST Yoav Nir wrote: > > On 2 Sep 2016, at 8:27 PM, Hubert Kario <hka...@redhat.com> wrote: > > > > On Friday, 2 September 2016 12:06:55 CEST Benjamin Kaduk wrote: > >> On 09/02/2016 12:04 PM, Eric Rescorla wrote: > >>> On Fri, Sep 2, 2016 at 8:25 AM, Dave Garrett <davemgarr...@gmail.com > >>> > >>> <mailto:davemgarr...@gmail.com>> wrote: > >>> On Friday, September 02, 2016 07:32:06 am Eric Rescorla wrote: > >>>> On Fri, Sep 2, 2016 at 3:42 AM, Ilari Liusvaara > >>>> > >>> <ilariliusva...@welho.com <mailto:ilariliusva...@welho.com>> wrote: > >>>>> I also don't see why this should be in TLS 1.3 spec, instead of > >>>>> being > >>>>> its own spec (I looked up how much process BS it would be to > >>>>> > >>> get the > >>>>> > >>>>> needed registrations: informative RFC would do). > >>>> > >>>> I also am not following why we need to do this now. The reason > >>>> > >>> we defined SHA-2 in > >>>> > >>>> a new RFC was because (a) SHA-1 was looking weak and (b) we had > >>>> > >>> to make significant > >>>> > >>>> changes to TLS to allow the use of SHA-2. This does not seem to > >>>> > >>> be that case. > >>> > >>> I don't think we strictly _need_ to do this now, however I think > >>> it's a good idea given that we'll need to do it eventually > >>> > >>> I'm not sure that that's true. > >> > >> Predicting future needs is not always reliable, yes. > >> > >>> From a release-engineering (standards-engineering?) perspective, I still > >> > >> don't see any reasons to add it now, and do see reasons to not add it > >> now. > > > > what would be the reasons not to add it now? > > Several reasons: > - This is a core spec. Those don’t traditionally specify new algorithms > unless they’re MTI (like SHA-256 is TLS 1.2 and RSAPSS here) > - For now, > SHA-3 is yet another national algorithm. Why add this and not Streebog? [1] > - Who’s to tell whether SHA-2 breaks earlier than SHA-3?
But then we have: * AES and ChaCha (two modes for the former one even) * RSA and ECDSA * NIST curves and Bernstein curves * ECDHE key exchange an DHE key exchange only the SHA-2 stands alone... -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls