On Mon, May 22, 2017 at 08:19:46PM -0400, Dave Garrett wrote:
> On Monday, May 22, 2017 05:31:55 pm Viktor Dukhovni wrote:
> > So if putting the consensus to ban MD5/SHA-1 in its *proper context*
> > is consistent with the WG consensus, let's do that.
>
> Yes, please.

+1

> On Monday, May 22, 2017 05:00:20 pm Nico Williams wrote:
> > Well, I want it to be crystal clear that the "not MD5 and such"
> > requirement need not apply to opportunistic TLS usage.  If you don't
> > like my text, maybe you can propose your own.
>
> My issue with this area is [...]
> [...].  To do this in a
> non-messy way, we'd have to delete the SHA-1 special-casing and state
> that TLS 1.3+ implementations can only use deprecated hashes
> (MD5/SHA1/SHA224/etc) if explicitly doing opportunistic encryption or some
> scenario where trust can be established without validating them. Again,

Works for me!

> the trust anchor gets an exception here due to it being trusted directly
> without need for validation, and they can get away with just a "NOT
> RECOMMENDED". If we can agree to this, then the resulting text will end up
> being far less problematic. If we can't get a consensus for this, I seriously
> propose citing RFC 6919 s3.

Yes, trust anchors are and should always be excepted (and need not be in
the form of certificates anyways).

Nico
