On Friday, 14 October 2016 14:34:49 CEST Kazuho Oku wrote:
> Considering that, to me it seems preferable if the draft stated that
> both PKCS1 and SHA1 are obsoleted, and are allowed to be only used in
> certificates. Or is there any need to handle PKCS1 and SHA1
> differently in protocol implementations?

there isn't, the only case is when you also implement TLSv1.2

Pure TLSv1.3 implementation shouldn't ever generate messages or try to verify
messages signed with SHA-1 (or MD5 for that matter)

-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
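
The rule discussed in this thread, as an added example that is not part of the original messages or of any TLS library: a filter that decodes a peer's `signature_algorithms` list and keeps PKCS1 and SHA-1 schemes only for certificate signatures or for TLS 1.2 handshake signatures. Assumptions: the function names are hypothetical, the codepoints are a subset of the SignatureScheme registry in RFC 8446, rejecting MD5 in every context is this example's policy choice, and the sample offer is constructed.

```python
import struct

TLS12, TLS13 = 0x0303, 0x0304

# Subset of SignatureScheme codepoints from RFC 8446. 0x0101 is the TLS 1.2
# {md5, rsa} hash/signature pair; its name here is constructed for the example.
SCHEMES = {
    0x0101: "rsa_pkcs1_md5",
    0x0201: "rsa_pkcs1_sha1",
    0x0203: "ecdsa_sha1",
    0x0401: "rsa_pkcs1_sha256",
    0x0403: "ecdsa_secp256r1_sha256",
    0x0804: "rsa_pss_rsae_sha256",
    0x0807: "ed25519",
}

def parse_signature_algorithms(body: bytes) -> list:
    """Decode an extension body: u16 byte length, then u16 codepoints."""
    if len(body) < 4:
        raise ValueError("truncated signature_algorithms body")
    (length,) = struct.unpack("!H", body[:2])
    if length != len(body) - 2 or length % 2:
        raise ValueError("inconsistent signature_algorithms length")
    return [code for (code,) in struct.iter_unpack("!H", body[2:])]

def allowed(code: int, version: int, context: str) -> bool:
    """context is 'handshake' (e.g. CertificateVerify) or 'certificate'."""
    if context not in ("handshake", "certificate"):
        raise ValueError("unknown context")
    name = SCHEMES.get(code)
    if name is None or name.endswith("md5"):
        return False  # unknown or MD5: rejected everywhere (policy assumption)
    legacy = "pkcs1" in name or name.endswith("sha1")
    if not legacy or context == "certificate":
        return True
    # Legacy scheme on a handshake message: only when speaking TLS 1.2.
    return version == TLS12

def filter_offer(body: bytes, version: int, context: str) -> list:
    return [SCHEMES[c] for c in parse_signature_algorithms(body)
            if allowed(c, version, context)]

# Constructed sample offer: sha1, pkcs1-sha256, pss-sha256, ecdsa-sha256, md5.
SAMPLE = struct.pack("!H5H", 10, 0x0201, 0x0401, 0x0804, 0x0403, 0x0101)

if __name__ == "__main__":
    for ver, ctx in ((TLS13, "handshake"), (TLS12, "handshake"), (TLS13, "certificate")):
        print(hex(ver), ctx, filter_offer(SAMPLE, ver, ctx))
```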