It's true, the migration will be slow, but IMHO it still makes sense to define and implement an alternative hash.
-----Original Message----- From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Ilari Liusvaara Sent: Friday, December 15, 2017 10:34 AM To: Eric Rescorla <e...@rtfm.com> Cc: tls@ietf.org Subject: Re: [TLS] A closer look at ROBOT, BB Attacks, timing attacks in general, and what we can do in TLS On Fri, Dec 15, 2017 at 10:15:23AM -0800, Eric Rescorla wrote: > On Fri, Dec 15, 2017 at 10:12 AM, Watson Ladd <watsonbl...@gmail.com> wrote: > > > We can force a rotate of all certs in 90 days, and I don't think > > most people will notice. > > > > Unfortunately, there are plenty of longterm certificates with > lifetimes >> > 90 days. Yes, currently the lifetime limit for public certificates is 39 months, and will be reduced to 825 days (~27 months) effective March 2018. Then there is backdating to consider. It was seen in both MD5 and SHA-1 deprecations. So maximum certificate lifetime sets limit on how fast features can be flushed out. And then there would be enormous amounts of endpoints not supporting anything better. Those would have to be upgraded. All in all, a real mess. -Ilari _______________________________________________ TLS mailing list TLS@ietf.org https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Ftls&data=04%7C01%7CAndrei.Popov%40microsoft.com%7C248257e4202549b54e9208d543ea7ff7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636489596817634560%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwifQ%3D%3D%7C-1&sdata=viW%2F6xW3bJoG6SlxgENwp%2BFH8%2Bqnb%2BFynkE4Yxfq%2Bjc%3D&reserved=0 _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls