Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport

To: RDugal at certicom.com (Rob Dugal)
Subject: Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport
From: Martin Rex <Martin.Rex at sap.com>
Date: Wed, 5 Mar 2008 15:09:32 +0100 (MET)
Cc: tls at ietf.org
Delivered-to: ietfarch-tls-web-archive at core3.amsl.com
Delivered-to: tls at core3.amsl.com
In-reply-to: <OF8E422CE6.0B879BB8-ON85257403.0040C27F-85257403.00418284 at certicom.com> from "Rob Dugal" at Mar 5, 8 06:54:11 am
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Reply-to: martin.rex at sap.com
Sender: tls-bounces at ietf.org

Rob Dugal wrote:
> 
> You raise good points but by not having SHA-224 as a supported hash 
> algorithm you effectively prevent anyone from using any certificates which 
> use SHA-224 in TLS 1.2.
> If the certificate doesn't use a hash algorithm found in the 
> signature_algorithms extension then it cannot be used in TLS 1.2.

Maybe it is a good idea to use this as market pressure to
keep CAs from doing stupid things, such as issuing X.509
certificates with SHA-224 instead of SHA-256 in the signature.

(I hope that NIST didn't come up with a braindead suggestion to do so.)

-Martin
_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport
  - From: Pasi.Eronen
- Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport
  - From: Paul Hoffman
- Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport
  - From: Len Sassaman

References:
- Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport
  - From: Rob Dugal

Prev by Date: Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport
Next by Date: Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport
Previous by thread: Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport
Next by thread: Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport
Index(es):
- Date
- Thread

Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.