Re: [TLS] Issue 66: HMAC-256 based ciphersuites
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [TLS] Issue 66: HMAC-256 based ciphersuites
Title: Re: [TLS] Issue 66: HMAC-256 based ciphersuites
I am for adding SHA256-based suites. We want to phase SHA1 out and phase its probable replacement in.
SHA1 did exhibit some weaknesses. and we hardly want to wait and see whether they will turn into exploits some day.
On 12/31/07 5:49 PM, "Eric Rescorla" <ekr at networkresonance.com> wrote:
Someone, I can't remember who, suggested that we add
HMAC-SHA256-based ciphersuites (i.e., ones that use it as a message
MAC) directly in TLS 1.2. I'm waffling as to whether it's a good
idea.
Arguments for:
- We made it the default for the PRF.
- It's weird to to to all this trouble and not define them.
Arguments against:
- There's nothing known wrong with HMAC-SHA1
- This revision is about flexibility, not actually adding new
digests.
Comments?
-Ekr
_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls
--
Regards,
Uri
_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
