On Friday, 14 October 2016 14:34:49 CEST Kazuho Oku wrote:
> Considering that, to me it seems preferable if the draft stated that
> both PKCS1 and SHA1 are obsoleted, and are allowed to be only used in
> certificates. Or is there any need to handle PKCS1 and SHA1
> differently in protocol implementations?

There isn't; the only case is when you also implement TLSv1.2.

A pure TLSv1.3 implementation shouldn't ever generate messages or try to verify
messages signed with SHA-1 (or MD5 for that matter).

Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
