On Fri, Oct 14, 2016 at 05:15:48PM +0200, Hubert Kario wrote:
> On Friday, 14 October 2016 14:34:49 CEST Kazuho Oku wrote:
> > Considering that, to me it seems preferable if the draft stated that
> > both PKCS1 and SHA1 are obsoleted, and are allowed to be only used in
> > certificates. Or is there any need to handle PKCS1 and SHA1
> > differently in protocol implementations?
>
> there isn't, the only case is when you also implement TLSv1.2
>
> Pure TLSv1.3 implementation shouldn't ever generate messages or try to verify
> messages signed with SHA-1 (or MD5 for that matter)
Unfortunately, while one sees less and less use of SHA-1 as certificates expire, there still is use of SHA-1 in OCSP. The only place where my TLS library uses SHA-1 is with OCSP.

-Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
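The policy the thread converges on (reject SHA-1 and RSASSA-PKCS1-v1_5 for handshake signatures, tolerate them only for signatures on certificates, never accept MD5) can be expressed as a small filter over the peer's signature_algorithms list. The following is an added illustration, not code from anyone on the thread or from Ilari's library. The SignatureScheme code points are the ones later registered for TLS 1.3 in RFC 8446 (the legacy TLS 1.2 encoding with hash id 1 = MD5 and 2 = SHA-1 in the high byte is handled as well); the context names `"handshake"` and `"certificate"`, the `classify` function and the sample extension body are constructed for this example.

```python
"""Signature-scheme policy for a pure TLS 1.3 endpoint (added example)."""
import struct

# SignatureScheme code points from the TLS 1.3 registry (RFC 8446, section 4.2.3).
RSA_PKCS1_SHA1 = 0x0201
ECDSA_SHA1 = 0x0203
RSA_PKCS1_SHA256 = 0x0401
RSA_PKCS1_SHA384 = 0x0501
RSA_PKCS1_SHA512 = 0x0601
ECDSA_SECP256R1_SHA256 = 0x0403
ECDSA_SECP384R1_SHA384 = 0x0503
ECDSA_SECP521R1_SHA512 = 0x0603
RSA_PSS_RSAE_SHA256 = 0x0804
RSA_PSS_RSAE_SHA384 = 0x0805
RSA_PSS_RSAE_SHA512 = 0x0806
ED25519 = 0x0807
ED448 = 0x0808
RSA_PSS_PSS_SHA256 = 0x0809
RSA_PSS_PSS_SHA384 = 0x080A
RSA_PSS_PSS_SHA512 = 0x080B

# Schemes a TLS 1.3 CertificateVerify may use: SHA-2 or better, no PKCS#1 v1.5.
MODERN_SCHEMES = {
    ECDSA_SECP256R1_SHA256, ECDSA_SECP384R1_SHA384, ECDSA_SECP521R1_SHA512,
    RSA_PSS_RSAE_SHA256, RSA_PSS_RSAE_SHA384, RSA_PSS_RSAE_SHA512,
    ED25519, ED448,
    RSA_PSS_PSS_SHA256, RSA_PSS_PSS_SHA384, RSA_PSS_PSS_SHA512,
}
# RSASSA-PKCS1-v1_5 with a SHA-2 hash: acceptable on certificates only.
PKCS1_SHA2_SCHEMES = {RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512}
SHA1_SCHEMES = {RSA_PKCS1_SHA1, ECDSA_SHA1}

# Legacy TLS 1.2 SignatureAndHashAlgorithm: high byte is the HashAlgorithm id.
LEGACY_HASH_MD5 = 1
LEGACY_HASH_SHA1 = 2


def classify(scheme: int) -> str:
    """Bucket a code point: 'modern', 'pkcs1', 'sha1', 'md5' or 'unknown'."""
    if scheme in MODERN_SCHEMES:
        return "modern"
    legacy_hash = scheme >> 8
    if legacy_hash == LEGACY_HASH_MD5:
        return "md5"
    # rsa_pkcs1_sha1 is both PKCS#1 and SHA-1; report the stricter bucket.
    if scheme in SHA1_SCHEMES or legacy_hash == LEGACY_HASH_SHA1:
        return "sha1"
    if scheme in PKCS1_SHA2_SCHEMES:
        return "pkcs1"
    return "unknown"


def scheme_allowed(scheme: int, context: str) -> bool:
    """Policy from the thread: handshake signatures get only modern schemes,
    certificate signatures may also use PKCS#1 v1.5 and SHA-1; MD5 is never accepted."""
    bucket = classify(scheme)
    if context == "handshake":
        return bucket == "modern"
    if context == "certificate":
        return bucket in ("modern", "pkcs1", "sha1")
    raise ValueError("unknown context: %r" % context)


def parse_signature_algorithms(body: bytes) -> list:
    """Decode a signature_algorithms extension body: uint16 length + uint16 code points."""
    if len(body) < 2:
        raise ValueError("extension body too short")
    (length,) = struct.unpack("!H", body[:2])
    if length != len(body) - 2 or length % 2 != 0 or length == 0:
        raise ValueError("malformed signature_algorithms list")
    return list(struct.unpack("!%dH" % (length // 2), body[2:]))


def usable_schemes(body: bytes, context: str) -> list:
    """Return the peer's offered schemes that this endpoint may use in `context`,
    preserving the peer's preference order."""
    return [s for s in parse_signature_algorithms(body) if scheme_allowed(s, context)]


# Constructed sample offer: rsa_pss_rsae_sha256, ecdsa_secp256r1_sha256,
# rsa_pkcs1_sha256, rsa_pkcs1_sha1, legacy rsa/md5.
SAMPLE_OFFER = struct.pack("!H5H", 10, RSA_PSS_RSAE_SHA256, ECDSA_SECP256R1_SHA256,
                           RSA_PKCS1_SHA256, RSA_PKCS1_SHA1, 0x0101)

if __name__ == "__main__":
    for ctx in ("handshake", "certificate"):
        print(ctx, [hex(s) for s in usable_schemes(SAMPLE_OFFER, ctx)])
```

Run on the constructed offer, the handshake filter keeps only the PSS and ECDSA schemes, while the certificate filter additionally keeps rsa_pkcs1_sha256 and rsa_pkcs1_sha1; the MD5 entry is dropped in both contexts. A TLS 1.2-capable implementation would need a third context for that protocol version, which is the one case Hubert notes where the two families have to be told apart.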